Hi,
and thanks again for the detailed info.
Not exactly, the plugin will report both in the plugin output but only the “unquoted service” path as a vulnerability and the “uninstall path” as a “log level” entry for the reason explained in the “insight” tag of the plugin.
Please try to revert to a stable release for productive use for the reason explained in SIGSEGV occurred with openvassd 6 from master - #2 by cfi - Greenbone Community Edition - Greenbone Community Forum. This makes sure that this is not just caused by a bug in GVM which is outside of the scope of this category and topic.
Could you specify the output you got which helps a little bit better what you’re seeing? E.g. the plugin might show to different outputs:
-
The following 'Uninstall' registry entries are using an 'unquoted' path:with a severity of 0.0 -
The following services are using an 'unquoted' service path:with a severity of 9.3
Which one of the both did you get in your report?
The pinned topic VT Development - Vulnerability Tests - Greenbone Community Forum as well as existing examples or asking questions related to NASL coding / plugin development within this category could be used as a starting point.