only match by CVE refs

the other refs can be non-specific and refer
to multiple distinct vulns, resulting in
incorrect refs being attached to a vuln leading to
a snowball effect with more and more vulns being
misidentified.

MSP-12183

lib/msf/core/db_manager/vuln.rb

@@ -45,30 +45,8 @@ module Msf::DBManager::Vuln
   end
 
   def find_vuln_by_refs(refs, host, service=nil)
-
+    ref_ids = refs.find_all { |ref| ref.name.starts_with? 'CVE-'}
-    vuln = nil
+    host.vulns.joins(:refs).where(service_id: service.try(:id), refs: { id: ref_ids}).first
-
-    # Try to find an existing vulnerability with the same service & references
-    # If there are multiple matches, choose the one with the most matches
-    if service
-      refs_ids = refs.map{|x| x.id }
-      vuln = service.vulns.where({ 'refs.id' => refs_ids }).includes(:refs).sort { |a,b|
-        ( refs_ids - a.refs.map{|x| x.id } ).length <=> ( refs_ids - b.refs.map{|x| x.id } ).length
-      }.first
-    end
-
-    # Return if we matched based on service
-    return vuln if vuln
-
-    # Try to find an existing vulnerability with the same host & references
-    # If there are multiple matches, choose the one with the most matches
-    # Do not match based on URL refs because they are not unique or authoritative
-    refs_ids = refs.map{|x| x.id unless x.name.starts_with? 'URL-' }.compact
-    vuln = host.vulns.where({ 'service_id' => nil, 'refs.id' => refs_ids }).includes(:refs).sort { |a,b|
-      ( refs_ids - a.refs.map{|x| x.id } ).length <=> ( refs_ids - b.refs.map{|x| x.id } ).length
-    }.first
-
-    return vuln
   end
 
   def get_vuln(wspace, host, service, name, data='')