Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 5. Viewing vulnerabilities using the CLI


Use flightctl get vuln to review CVE data for the estate, a device, a fleet, or the blast radius of a single CVE.

Prerequisites

View the estate summary

  1. Run the following command:

    $ flightctl get vuln --summary-only

    The following output is an example:

    CRITICAL  HIGH  MEDIUM  LOW  UNKNOWN  TOTAL
    3         12    45      28   2        90

List all CVEs

  1. Run the following command:

    $ flightctl get vuln
  2. To sort results, add --sort-by and --order, as in the following examples:

    $ flightctl get vuln --sort-by cvssScore --order desc
    $ flightctl get vuln --sort-by publishedAt --order desc

View device vulnerabilities

  1. Run the following command:

    $ flightctl get vuln device/<device_name>
  2. To include a severity summary before the CVE list, add --summary:

    $ flightctl get vuln device/<device_name> --summary
  3. To show only the summary, use --summary-only:

    $ flightctl get vuln device/<device_name> --summary-only

View fleet vulnerabilities

  1. Run the following command:

    $ flightctl get vuln fleet/<fleet_name>

    You can use --summary or --summary-only with fleet queries the same way as for devices.

View CVE impact

  1. To see affected fleets and device counts for one CVE, run the following command:

    $ flightctl get vuln CVE-2023-44487

    The output includes severity, CVSS score, advisory ID, a link to the Red Hat Security portal or NVD, and per-fleet affected device counts.

List devices affected by a CVE

  1. Run the following command:

    $ flightctl get devices --cve-id CVE-2023-44487
  2. To combine --cve-id with label selectors or other supported --field-selector values, use commands such as the following:

    $ flightctl get devices --cve-id CVE-2023-44487 --selector region=us-west
    $ flightctl get devices --cve-id CVE-2023-44487 --field-selector "metadata.owner notcontains Fleet/"

Output formats and pagination

Run commands such as the following:

$ flightctl get vuln -o json
$ flightctl get vuln device/<device_name> -o yaml
$ flightctl get vuln fleet/<fleet_name> -o wide
$ flightctl get vuln --limit 10 --continue <token>

View CVE lifecycle events

Run the following command:

$ flightctl get events --field-selector="reason in (DeviceVulnerabilityCVEWarning,DeviceVulnerabilityCVECritical,DeviceVulnerabilityCVEResolved)"
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat Dokumentation

Legal Notice

Theme

© 2026 Red Hat
Nach oben