Add Cryptographic Weakness Category #352
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vortexau
suggested changes
May 2, 2023
|
Approved to be moved into intermediate branch. |
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
Depreciating the Broken Cryptography category and adding Cryptographic Weakness category in its place. As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
...subcategory and variants As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
...subcategory and variants. As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
...subcategory and variants. As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
...subcategory and variants. As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
RRudder
added a commit
to bugcrowd/templates
that referenced
this pull request
Aug 15, 2023
As per the VRT update in 352 - bugcrowd/vulnerability-rating-taxonomy#352
TimmyBugcrowd
added a commit
that referenced
this pull request
Oct 30, 2023
nnons
pushed a commit
that referenced
this pull request
Nov 13, 2023
* Updating the SSRF category * Revert "Updating the SSRF category" This reverts commit 785bd8b. * Update SSRF classification from `Broken Access Control` to `Server Security Misconfiguration` * Update SSRF mappings in CVSS V3, CWE, and Remediation Advice files * Refactor SSRF category and split `External` variant into `GET Request Only` and `DNS Query Only` * Update CVSS V3 mapping to include the updated mappings for the `External` SSRF variant * PII-leakage-update FROM: P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage TO: P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure Varies - Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure * Update secure-code-warrior-links.json * Update remediation_advice.json * Update remediation_advice.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update remediation_advice.json * HTTP Request Smuggling Adding HTTP Request Smuggling as a new VRT entry. * Update remediation_advice.json * Update cvss_v3.json * Failure to invalidate session on permission change Adding Failure to invalidate session on permission change as a new VRT entry. * Update cwe.json * Update cwe.json * Update remediation_advice.json * Update cwe.json * Deprecation of XSS on IE11 REMOVE: P4 - Cross-Site Scripting (XSS) - IE-Only - IE11 FROM: P5 - Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11) TO: P5 - Cross-Site Scripting (XSS) - IE-Only * Update remediation_advice.json * LDAP Injection Adding LDAP Injection as a new VRT entry. * Update cwe.json * Update remediation_advice.json * Update cvss_v3.json * HTML-Injection Adding the category below to VRT: P5 - Server-Side Injection - Content Spoofing - HTML Content Injection * SSRF External Low Impact * new IDOR variants new IDOR variants * LDAP Injection (#367) * Update vulnerability-rating-taxonomy.json * Update cvss_v3.json * Update cvss_v3.json * New Changes LDAP Injection * Cryptographic Weakness Category #352 * New changes Cryptographic Weakness category * json parse error fix (#380) * hyphens to underscores in vrt items * Update remediation_advice.json * Update remediation_advice.json --------- Co-authored-by: Amal Murali <[email protected]> Co-authored-by: Deepak Kumar Jha <[email protected]>
| { | ||
| "id": "broken_cryptography", | ||
| "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" | ||
| "id": "cryptographic_weakness", |
There was a problem hiding this comment.
Suggested change
| "id": "cryptographic_weakness", | |
| "id": "cryptographic_weakness", |
| { | ||
| "id": "broken_cryptography", | ||
| "cwe": ["CWE-310"] | ||
| "id": "cryptographic_weakness", |
There was a problem hiding this comment.
Suggested change
| "id": "cryptographic_weakness", | |
| "id": "cryptographic_weakness", |
Danysharma00
approved these changes
Aug 24, 2024
| { | ||
| "id": "broken_cryptography", | ||
| "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" | ||
| "id": "cryptographic_weakness", |
There was a problem hiding this comment.
Suggested change
| "id": "cryptographic_weakness", | |
| "id": "cryptographic_weakness", |
Danysharma00
approved these changes
Aug 24, 2024
| "name": "Broken Cryptography", | ||
| "type": "category", | ||
| "children": [ | ||
| "id": "cryptographic_weakness", |
There was a problem hiding this comment.
Suggested change
| "id": "cryptographic_weakness", | |
| "id": "cryptographic_weakness", |
|
Closing this PR since these has been added with the last VRT release. Thank you for your input. -Timmy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This update:
Cryptographic Weaknesscategory detailing specific cryptography-related vulnerabilities; andBroken Cryptography - Cryptographic Flawvulnerability.