2020-0187

fdevans · fdevans · commit 653d68f4e8a2 · 2024-12-18T13:44:07.000-08:00
diff --git a/docs/history/CVEs/log4j.md b/docs/history/CVEs/log4j.md
@@ -1,5 +1,5 @@
 ---
-order: 1500
+order: 2000
 ---
 
 # Log4Shell / Log4j Security
diff --git a/docs/history/cves/cve-2016-1000027.md b/docs/history/cves/cve-2016-1000027.md
@@ -1,5 +1,5 @@
 ---
-order: 800
+order: 1800
 ---
 
 # CVE-2016-1000027
diff --git a/docs/history/cves/cve-2020-0187.md b/docs/history/cves/cve-2020-0187.md
@@ -0,0 +1,12 @@
+---
+order: 1300
+---
+
+
+# CVE-2020-0187
+
+::: danger FALSE POSITIVE
+ Rundeck and Runbook Automation are not vulnerable to this CVE.
+:::
+
+This finding is only vulnerable on Android 10.  It does not apply to Rundeck or Runbook Automation products.
diff --git a/docs/history/cves/index.md b/docs/history/cves/index.md
@@ -34,10 +34,11 @@ These are the Security Advisories Rundeck has issued in the past.  It is always
 ## Additional CVE Notes
 
 * Log4j / Log4Shell will flag a false positive vulnerability related to our JIRA plugins. [More Details on this page](log4j.md)
+* [CVE-2016-1000027 Spring Unsafe Java deserialization](cve-2016-1000027.md).
+* [CVE-2020-0187 Android 10 Finding](cve-2020-0187.md).
 * [CVE-2022-45868 H2 DB false positive](cve-2022-45868.md).
 * [CVE-2022-1471 SnakeYAML false positive](cve-2022-1471.md).
 * [CVE-2024-1597 Postgres JDBC Driver Vulnerability](cve-2024-1597.md).
-* [CVE-2016-1000027 Spring Unsafe Java deserialization](cve-2016-1000027.md).
 * [CVE-2023-39017 Quartz Scheduler false positive](cve-2023-39017.md).
 * [CVE-2024-24786 Protobuf finding in Remco](cve-2024-38807.md).
 * [CVE-2024-38807 Spring Boot false positive](cve-2024-38807.md).
