Git client plugin (CVE-2019-10392)

Question asked by Fiona Agu on Oct 16, 2019

We've been alerted to a vulnerability, CVE-2019-10392, related to the Jenkins Git client plugin. There is nothing in the Qualys KnowledgeBase about it despite the advisory having been released in September 2019. When contacted and prompted several times about this, Qualys have advised that there is no ETA despite this being a known vulnerability.


What is the average time for known vulnerabilities to be added to the database? I can't expect our engineers to patch a vulnerability without giving the concrete evidence it exists within our infrastructure and what assets are affected.