diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c1d0229..be549c56 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,10 +13,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 ## [v1.11](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.10...v1.11) - 2023-11-20
 ### Added
 - Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure: VARIES
-- Sensitive Data Exposure - Disclosure of Secrets - Sensitive data Leakage/Exposure: P1
 - Server-Side Injection - Content Spoofing - HTML Content Injection: P5
 - Broken Authentication and Session Management - Failure to invalidate session - Permission change: VARIES
 - Server Security Misconfiguration - Request Smuggling: VARIES
+- Server-Side Injection - LDAP Injection: VARIES
 - Cryptographic Weakness - Insufficient Entropy - Limited Random Number Generator (RNG) Entropy Source: P4
 - Cryptographic Weakness - Insufficient_Entropy - Use of True Random Number Generator (TRNG) for Non-Security Purpose: P5
 - Cryptographic Weakness - Insufficient_Entropy - Pseudo-Random Number Generator (PRNG) Seed Reuse: P5
@@ -48,33 +48,40 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - Cryptographic Weakness - Incomplete Cleanup of Keying Material: P5 - Cryptographic Weakness - Broken Cryptography - Use of Broken Cryptographic Primitive: P3 - Cryptographic Weakness - Broken Cryptography - Use of Vulnerable Cryptographic Library: P4 -- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Manipulate Non-Sensitive Information: P5 -- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Manipulate Sensitive Information | GUID/Complex Object Identifiers: P4 -- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information | Iteratable Object Identifiers: P3 -- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Alter Sensitive Information | Iteratable Object Identifiers: P2 -- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information (PII) | Iteratable Object Identifiers: P1 +- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Non-Sensitive Information: P5 +- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/GUID/Complex Object Identifiers: P4 +- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information/Iterable Object Identifiers: P3 +- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Edit/Delete Sensitive Information/Iterable Object Identifiers: P2 +- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information (PII)/Iterable Object Identifier: P1 ### Changed FROM: - Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11): P5 + TO: - Cross-Site Scripting (XSS) - IE-Only: P5 -- FROM: +FROM: - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal High Impact: P2 - Broken 
Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3 - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - External: P4 - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - DNS Query Only : P5 + TO: - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal High Impact: P2 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - Low impact: P5 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - DNS Query Only: P5 +FROM: +- Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage: P1 + +TO: +- Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure: P1 ### Removed - Cross-Site Scripting (XSS) - IE-Only - IE11: P4 +- Cross-Site Scripting (XSS) - XSS Filter Disabled: P5 - Broken Cryptography - Cryptographic Flaw - Incorrect Usage: P1 -- Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage: P1 ## [v1.10.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.10...v1.10.1) - 2021-03-29 ### Changed diff --git a/deprecated-node-mapping.json b/deprecated-node-mapping.json index 302579ca..5eae889c 100644 --- a/deprecated-node-mapping.json +++ b/deprecated-node-mapping.json 
@@ -196,5 +196,41 @@
 },
 "automotive_security_misconfiguration.infotainment.default_credentials": {
 "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials"
+ },
+ "broken_cryptography": {
+ "1.11": "other"
+ },
+ "broken_cryptography.cryptographic_flaw": {
+ "1.11": "other"
+ },
+ "broken_cryptography.cryptographic_flaw.incorrect_usage": {
+ "1.11": "other"
+ },
+ "broken_cryptography.use_of_broken_cryptographic_primitive": {
+ "1.11": "cryptographic_weakness.broken_cryptography.use_of_broken_cryptographic_primitive"
+ },
+ "broken_cryptography.use_of_vulnerable_cryptographic_library": {
+ "1.11": "cryptographic_weakness.broken_cryptography.use_of_vulnerable_cryptographic_library"
+ },
+ "cross_site_scripting_xss.ie_only.older_version_ie11": {
+ "1.11": "other"
+ },
+ "cross_site_scripting_xss.ie_only.xss_filter_disabled": {
+ "1.11": "other"
+ },
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": {
+ "1.11": "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure"
+ },
+ "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": {
+ "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact"
+ },
+ "broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": {
+ "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact"
+ },
+ "broken_access_control.server_side_request_forgery_ssrf.dns_query_only": {
+ "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only"
+ },
+ "broken_access_control.server_side_request_forgery_ssrf.external": {
+ "1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact"
 }
 }
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index 0a8af6dc..2421aaf3 100644
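Review bot: The old IDOR ids that this commit removes from vulnerability-rating-taxonomy.json (`broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers`, `...read_sensitive_information.iterable_object_identifiers`, `...edit_delete_sensitive_information.iterable_object_identifiers`, `...edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii`, and their three parent subcategories) get no `"1.11"` entry in this file, while every other node the commit removes or moves does. Anything that stores findings keyed by the old dotted ids then has no migration path for them; each old leaf has a new leaf with the same priority, so the mapping is mechanical. Separately, `cross_site_scripting_xss.ie_only.older_version_ie11` is mapped to `other`, yet CHANGELOG records the "Older Version (< IE11)" node as changed into "IE-Only" rather than removed; if that id is the renamed node, `cross_site_scripting_xss.ie_only` looks like the intended target — the XSS part of the taxonomy diff is not on this page, so confirm there.
```json
  "broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers": {
    "1.11": "broken_access_control.idor.read_edit_delete_sensitive_information_guid"
  },
  "broken_access_control.idor.read_sensitive_information.iterable_object_identifiers": {
    "1.11": "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers"
  },
  "broken_access_control.idor.edit_delete_sensitive_information.iterable_object_identifiers": {
    "1.11": "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers"
  },
  "broken_access_control.idor.edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii": {
    "1.11": "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers"
  }
```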
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -966,6 +966,19 @@
 }
 ]
 },
+ {
+ "id": "broken_cryptography",
+ "children": [
+ {
+ "id": "use_of_broken_cryptographic_primitive",
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "id": "use_of_vulnerable_cryptographic_library",
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
+ }
+ ]
+ },
 {
 "id": "side_channel_attack",
 "children": [
@@ -1001,19 +1014,6 @@
 }
 ]
 },
- {
- "id": "broken_cryptography",
- "children": [
- {
- "id": "use_of_broken_cryptographic_primitive",
- "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
- },
- {
- "id": "use_of_vulnerable_cryptographic_library",
- "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
- }
- ]
- },
 {
 "id": "privacy_concerns",
 "children": [
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index edce0c68..804163fe 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -552,6 +552,20 @@
 }
 ]
 },
+ {
+ "id": "broken_cryptography",
+ "cwe": ["CWE-327"],
+ "children": [
+ {
+ "id": "use_of_broken_cryptographic_primitive",
+ "cwe": ["CWE-327"]
+ },
+ {
+ "id": "use_of_vulnerable_cryptographic_library",
+ "cwe": ["CWE-327"]
+ }
+ ]
+ },
 {
 "id": "side_channel_attack",
 "cwe": ["CWE-203", "CWE-1300"],
@@ -588,20 +602,6 @@
 }
 ]
 },
- {
- "id": "broken_cryptography",
- "cwe": ["CWE-327"],
- "children": [
- {
- "id": "use_of_broken_cryptographic_primitive",
- "cwe": ["CWE-327"]
- },
- {
- "id": "use_of_vulnerable_cryptographic_library",
- "cwe": ["CWE-327"]
- }
- ]
- },
 {
 "id": "privacy_concerns",
 "cwe": ["CWE-359"]
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index 082130fb..e09bc36d 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
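Review bot: In the cwe.json block moved under cryptographic_weakness, `use_of_vulnerable_cryptographic_library` keeps `"cwe": ["CWE-327"]`, the same weakness as its sibling, but CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) describes the primitive node, not a dependency on an outdated or vulnerable library. Since the block is being relocated anyway, this is the moment to give the library node its own classification, e.g. `"cwe": ["CWE-1395", "CWE-1104"]` (Dependency on Vulnerable Third-Party Component; Use of Unmaintained Third Party Components), checked against the current CWE release. The parent `broken_cryptography` entry can then keep CWE-327 as the general case. The cvss_v3.json move in the same line carries no content change and needs nothing.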
@@ -1382,6 +1382,28 @@
 }
 ]
 },
+ {
+ "id": "broken_cryptography",
+ "children": [
+ {
+ "id": "use_of_broken_cryptographic_primitive",
+ "remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensistive information. Ensure the application makes use of only trustworthy cryprographic algorithms as indicated by relevant security standard(s) and regulation(s).",
+ "references": [
+ "https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/",
+ "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf",
+ "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
+ ]
+ },
+ {
+ "id": "use_of_vulnerable_cryptographic_library",
+ "remediation_advice": "The identification, patching, and disclosure of vulnerabilities in third-party libraries, including cryptographic libraries, is a daily occurrence. In some cases, cryptographic libraries are deemed 'broken' and deprecated. Ensure the application is updated to include the latest secure version of all third-party cryptographic libraries and replace known 'broken' cryptographic libraries with secure alternatives.",
+ "references": [
+ "https://www.ubiqsecurity.com/bouncy-castle-and-the-impact-of-cryptographic-vulnerabilities/",
+ "https://blog.cryptographyengineering.com/2013/09/20/rsa-warns-developers-against-its-own/"
+ ]
+ }
+ ]
+ },
 {
 "id": "side_channel_attack",
 "children": [
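Review bot: The relocated `use_of_broken_cryptographic_primitive` advice carries two misspellings into its new position, `sensistive` and `cryprographic`; this string is shown to researchers and customers, so correct it while the block is being touched: `"remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensitive information. Ensure the application makes use of only trustworthy cryptographic algorithms as indicated by relevant security standard(s) and regulation(s).",`. The same text is deleted at its old position in the following hunk, so the fix belongs only here. The first NIST reference is FIPS 140-2 Annex A; FIPS 140-2 has been superseded by FIPS 140-3, so that link is worth refreshing, and the SP 800-131A Rev 2 transition guidance already listed is the stronger of the two to keep.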
@@ -1449,28 +1471,6 @@
 }
 ]
 },
- {
- "id": "broken_cryptography",
- "children": [
- {
- "id": "use_of_broken_cryptographic_primitive",
- "remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensistive information. Ensure the application makes use of only trustworthy cryprographic algorithms as indicated by relevant security standard(s) and regulation(s).",
- "references": [
- "https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/",
- "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf",
- "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
- ]
- },
- {
- "id": "use_of_vulnerable_cryptographic_library",
- "remediation_advice": "The identification, patching, and disclosure of vulnerabilities in third-party libraries, including cryptographic libraries, is a daily occurrence. In some cases, cryptographic libraries are deemed 'broken' and deprecated. Ensure the application is updated to include the latest secure version of all third-party cryptographic libraries and replace known 'broken' cryptographic libraries with secure alternatives.",
- "references": [
- "https://www.ubiqsecurity.com/bouncy-castle-and-the-impact-of-cryptographic-vulnerabilities/",
- "https://blog.cryptographyengineering.com/2013/09/20/rsa-warns-developers-against-its-own/"
- ]
- }
- ]
- },
 {
 "id": "privacy_concerns",
 "remediation_advice": "1. Avoid storing unnecessary data where possible.\n2. Purge all known unnecessary data when identified on the device or application.\n3. Purge all known unnecessary data in known cached locations.\n4. Purge all known unnecessary data on known backup locations.",
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
index 5c27c94d..00f32d97 100755
--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
@@ -199,13 +199,10 @@
 "broken_access_control": null,
 "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
 "broken_access_control.idor.read_edit_delete_non_sensitive_information": null,
- "broken_access_control.idor.read_edit_delete_sensitive_information": null,
- "broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers": null,
- "broken_access_control.idor.read_sensitive_information": null,
- "broken_access_control.idor.read_sensitive_information.iterable_object_identifiers": null,
- "broken_access_control.idor.edit_delete_sensitive_information": null,
- "broken_access_control.idor.edit_delete_sensitive_information.iterable_object_identifiers": null,
- "broken_access_control.idor.edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii": null,
+ "broken_access_control.idor.read_edit_delete_sensitive_information_guid": null,
+ "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers": null,
+ "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers": null,
 "broken_access_control.username_enumeration": null,
 "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
 "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
@@ -323,6 +320,9 @@
 "cryptographic_weakness.key_reuse.lack_of_perfect_forward_secrecy": null,
 "cryptographic_weakness.key_reuse.intra_environment": null,
 "cryptographic_weakness.key_reuse.inter_environment": null,
+ "cryptographic_weakness.broken_cryptography": null,
+ "cryptographic_weakness.broken_cryptography.use_of_broken_cryptographic_primitive": null,
+ "cryptographic_weakness.broken_cryptography.use_of_vulnerable_cryptographic_library": null,
 "cryptographic_weakness.side_channel_attack": null,
 "cryptographic_weakness.side_channel_attack.padding_oracle_attack": null,
 "cryptographic_weakness.side_channel_attack.timing_attack": null,
@@ -331,9 +331,6 @@
 "cryptographic_weakness.side_channel_attack.differential_fault_analysis": null,
 "cryptographic_weakness.use_of_expired_cryptographic_key_or_cert": null,
 "cryptographic_weakness.incomplete_cleanup_of_keying_material": null,
- "broken_cryptography": null,
- "broken_cryptography.use_of_broken_cryptographic_primitive": null,
- "broken_cryptography.use_of_vulnerable_cryptographic_library": null,
 "privacy_concerns": null,
 "privacy_concerns.unnecessary_data_collection": null,
 "privacy_concerns.unnecessary_data_collection.wifi_ssid_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=privacy_concerns:unnecessary_data_collection:wifi_ssid_password&redirect=true",
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index 87ea1a62..afc8873c 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -1236,65 +1236,37 @@
 {
 "id": "idor",
 "name": "Insecure Direct Object References (IDOR)",
- "type": "category",
+ "type": "subcategory",
 "children": [
 {
 "id": "read_edit_delete_non_sensitive_information",
 "name": "Read/Edit/Delete Non-Sensitive Information",
- "type": "subcategory",
- "priority": 5
- },
- {
- "id": "read_edit_delete_sensitive_information",
- "name": "Read/Edit/Delete Sensitive Information",
- "type": "subcategory",
- "children": [
- {
- "id": "complext_object_identifiers",
- "name": "GUID/Complex Object Identifiers",
- "type": "variant",
- "priority": 4
- }
- ]
- },
- {
- "id": "read_sensitive_information",
- "name": "Read Sensitive Information",
- "type": "subcategory",
- "children": [
- {
- "id": "iterable_object_identifiers",
- "name": "Iterable Object Identifiers",
- "type": "variant",
- "priority": 3
- }
- ]
- },
- {
- "id": "edit_delete_sensitive_information",
- "name": "Edit/Delete Sensitive Information",
- "type": "subcategory",
- "children": [
- {
- "id": "iterable_object_identifiers",
- "name": "Iterable Object Identifiers",
- "type": "variant",
- "priority": 2
- }
- ]
- },
- {
- "id": "edit_delete_sensitive_information",
- "name": "Edit/Delete Sensitive Information",
- "type": "subcategory",
- "children": [
- {
- "id": "read_edit_delete_sensitive_information_pii",
- "name": "Read/Edit/Delete Sensitive Information (PII)",
- "type": "variant",
- "priority": 1
- }
- ]
+ "type": "variant",
+ "priority": 5
+ },
+ {
+ "id": "read_edit_delete_sensitive_information_guid",
+ "name": "Read/Edit/Delete Sensitive Information/Complex Object Identifiers(GUID)",
+ "type": "variant",
+ "priority": 4
+ },
+ {
+ "id": "read_sensitive_information_iterable_object_identifiers",
+ "name": "Read Sensitive Information/Iterable Object Identifiers",
+ "type": "variant",
+ "priority": 3
+ },
+ {
+ "id": "edit_delete_sensitive_information_iterable_object_identifiers",
+ "name": "Edit/Delete Sensitive Information/Iterable Object Identifiers",
+ "type": "variant",
+ "priority": 2
+ },
+ {
+ "id": "read_edit_delete_sensitive_information_iterable_object_identifiers",
+ "name": "Read/Edit/Delete Sensitive Information/Iterable Object Identifiers",
+ "type": "variant",
+ "priority": 1
+ }
 ]
 },
@@ -2032,6 +2004,25 @@
 }
 ]
 },
+ {
+ "id": "broken_cryptography",
+ "name": "Broken Cryptography",
+ "type": "subcategory",
+ "children": [
+ {
+ "id": "use_of_broken_cryptographic_primitive",
+ "name": "Use of Broken Cryptographic Primitive",
+ "type": "variant",
+ "priority": 3
+ },
+ {
+ "id": "use_of_vulnerable_cryptographic_library",
+ "name": "Use of Vulnerable Cryptographic Library",
+ "type": "variant",
+ "priority": 4
+ }
+ ]
+ },
 {
 "id": "side_channel_attack",
 "name": "Side-Channel Attack",
@@ -2083,25 +2074,6 @@
 }
 ]
 },
- {
- "id": "broken_cryptography",
- "name": "Broken Cryptography",
- "type": "category",
- "children": [
- {
- "id": "use_of_broken_cryptographic_primitive",
- "name": "Use of Broken Cryptographic Primitive",
- "type": "subcategory",
- "priority": 3
- },
- {
- "id": "use_of_vulnerable_cryptographic_library",
- "name": "Use of Vulnerable Cryptographic Library",
- "type": "subcategory",
- "priority": 4
- }
- ]
- },
 {
 "id": "privacy_concerns",
 "name": "Privacy Concerns",
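Review bot: The P1 variant's name `Read/Edit/Delete Sensitive Information/Iterable Object Identifiers` drops the `(PII)` qualifier that both the removed `read_edit_delete_sensitive_information_pii` node and the CHANGELOG line for this release (`... Sensitive Information (PII)/Iterable Object Identifier: P1`) carry, so the P1 node now reads as a plain superset of the P3 read-only and P2 edit/delete variants over the same identifier type, and nothing in the taxonomy tells a triager what separates P1 from P2. Restoring the qualifier, `"name": "Read/Edit/Delete Sensitive Information (PII)/Iterable Object Identifiers",`, keeps the priority distinction explicit. The P4 name also disagrees with the CHANGELOG wording (`Complex Object Identifiers(GUID)` here against `GUID/Complex Object Identifiers` there, plus the missing space before the parenthesis), and the two should match since the CHANGELOG is what integrators read. The old tree had two sibling nodes with `"id": "edit_delete_sensitive_information"`, which this rewrite silently removes; that collision is worth a line in the CHANGELOG because anything keyed on the dotted path could previously resolve to either node.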