Priorities Queue

Turn correlations into an actionable, team-ready fix queue with clear SLAs and ticket-ready guidance.

Priority Lanes

Drag/drop mocked. Click an item to load the Remediation Snapshot.

Lane rules: score + SLA + exploitability

Fix Now

CVE-2024-3094 · Payments API

18 assets · Due Dec 13

P92

Criticality/Chatter/Exposure/Patch

CVE-2023-44487 · Edge NGINX

64 assets · Due Dec 15

P88

Criticality/Chatter/Exposure/Patch

Fix Next

CVE-2024-21626 · K8s Nodes

9 assets · Due Dec 28

P67

Criticality/Chatter/Exposure/Patch

CVE-2024-6387 · Bastions

21 assets · Due Dec 21

P74

Criticality/Chatter/Exposure/Patch

Watch

CVE-2024-5535 · Grafana

12 assets · Due Jan 07

P54

Lower chatter; monitor exploitability

CVE-2024-1086 · Linux kernel

33 assets · Due Jan 12

P49

Kernel patch window required

Accept Risk

CVE-2022-22965 · Legacy Spring App

6 assets · Exception review pending

P38

Compensating controls required

Remediation Snapshot

Selected: CVE-2024-3094

Fix Now

Payments API 18 assets Due Dec 13

Impact

Potential SSH compromise chain; internet-exposed admin paths present in 3/18 nodes.

Recommended fix

Upgrade vendor package or pin to safe xz 5.4.x.
Compensating controls: temporarily block external SSH where possible; tighten allowlists.
Rollout steps: canary 10% → 50% → 100% across ASG.
Validation: verify sshd linkage + package audit; run smoke tests.
Rollback: revert to last known-good image tag and redeploy.

Playbook

Link: PBK-LNX-012

Open Playbook

Notes: moving items to Accept Risk requires rationale + approver. (Mocked)

Updated Queue refreshed.