From 2553222244c2106462050ee375fd060a0618bfac Mon Sep 17 00:00:00 2001
From: Timmy <106584457+TimmyBugcrowd@users.noreply.github.com>
Date: Thu, 4 Jul 2024 18:21:59 +0200
Subject: [PATCH] VRT-release-changes (#415)

* VRT-release-changes
* Update cvss_v3.json
* Update cwe.json
* Adding SCW
---------
Co-authored-by: Abhinav Nain
---
 mappings/cvss_v3/cvss_v3.json | 28 +++++++++++---
 mappings/cwe/cwe.json | 8 ++--
 .../remediation_advice.json | 32 ++++++++++++++++
 .../secure-code-warrior-links.json | 6 ++-
 vulnerability-rating-taxonomy.json | 38 +++++++++++++++----
 5 files changed, 94 insertions(+), 18 deletions(-)

diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index 56e6611..9e873fe 100644
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -31,6 +31,18 @@
 "id": "unsafe_cross_origin_resource_sharing",
 "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
 },
+ {
+ "id": "software_package_takeover",
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "id": "email_verification_bypass",
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
+ },
+ {
+ "id": "missing_subresource_integrity",
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+ },
 {
 "id": "request_smuggling",
 "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
@@ -362,10 +374,6 @@
 "id": "two_fa_bypass",
 "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
 },
- {
- "id": "privilege_escalation",
- "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
- },
 {
 "id": "cleartext_transmission_of_session_token",
 "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
@@ -581,7 +589,11 @@
 {
 "id": "over_http",
 "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
- }
+ },
+ {
+ "id": "password_reset_token",
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
 ]
 },
 {
@@ -715,7 +727,11 @@
 {
 "id": "username_enumeration",
 "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
- }
+ },
+ {
+ "id": "privilege_escalation",
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
+ }
 ]
 },
 {
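Review bot: The vectors added for `email_verification_bypass` and `missing_subresource_integrity` in the first hunk both end in `C:N/I:N/A:N`, which always computes to a CVSS v3 base score of 0.0, while `software_package_takeover` next to them is rated `C:H/I:H/A:H` (8.8). If 0.0 is meant to mirror an informational priority that is fine, but the priorities are set in vulnerability-rating-taxonomy.json, whose hunks are not visible here, so the pairing should be checked against that file for all three ids. If a verification bypass is meant to carry any impact at all, the smallest change would be `"cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"`.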
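Review bot: `privilege_escalation` is removed after `two_fa_bypass` in the second hunk and re-added after `username_enumeration` in the fourth, and mappings/cwe/cwe.json makes the same move, so the entry now appears to live under a different parent category; the parents themselves are outside these hunks. Anything that stored the old parent-qualified id will no longer resolve it unless the old path is mapped to the new one, and none of the five files in the diffstat looks like such a mapping. I would add that mapping entry in the same release, or state in the commit message why none is needed. The vector and `CWE-269` are carried over unchanged, which looks right for a pure move.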
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index 1866223..36457d1 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -204,10 +204,6 @@
 "id": "two_fa_bypass",
 "cwe": ["CWE-304"]
 },
- {
- "id": "privilege_escalation",
- "cwe": ["CWE-269"]
- },
 {
 "id": "cleartext_transmission_of_session_token",
 "cwe": ["CWE-319"]
@@ -306,6 +302,10 @@
 "id": "exposed_sensitive_android_intent",
 "cwe": ["CWE-927"]
 },
+ {
+ "id": "privilege_escalation",
+ "cwe": ["CWE-269"]
+ },
 {
 "id": "exposed_sensitive_ios_url_scheme",
 "cwe": ["CWE-939"]
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index ffe20d6..ed1f508 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
@@ -33,6 +33,30 @@
 "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"
 ]
 },
+ {
+ "id": "email_verification_bypass",
+ "remediation_advice": "1. **Implement Robust Token Validation:** Ensure that any token used for email verification is securely generated and validated. Tokens should be long, random, and use secure hashing algorithms to prevent guessing attacks.\n2. **Secure Transmission:** Use HTTPS to protect the transmission of tokens over the network. Ensure that the tokens are not leaked via URLs in the `Referer` header by instructing users to avoid clicking on links from untrusted sources or by implementing measures to strip sensitive information from URLs.\n3. **Expire Tokens Quickly:** Set a short expiration time for verification tokens to limit the window of opportunity for an attacker. Once a token is used or expires, it should be invalidated immediately to prevent reuse.",
+ "references": [
+ "https://owasp.org/www-community/attacks/Email_Injection",
+ "https://portswigger.net/web-security/email-security"
+ ]
+ },
+ {
+ "id": "missing_subresource_integrity",
+ "remediation_advice": "1. **Implement SRI:** Add an `integrity` attribute with a base64-encoded hash to `