vrt 0.12.2 → 0.12.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/data/1.12/deprecated-node-mapping.json +236 -0
- data/lib/data/1.12/mappings/cvss_v3/cvss_v3.json +1280 -0
- data/lib/data/1.12/mappings/cvss_v3/cvss_v3.schema.json +59 -0
- data/lib/data/1.12/mappings/cwe/cwe.json +668 -0
- data/lib/data/1.12/mappings/cwe/cwe.schema.json +63 -0
- data/lib/data/1.12/mappings/remediation_advice/remediation_advice.json +1850 -0
- data/lib/data/1.12/mappings/remediation_advice/remediation_advice.schema.json +75 -0
- data/lib/data/1.12/third-party-mappings/remediation_training/secure-code-warrior-links.json +400 -0
- data/lib/data/1.12/vrt.schema.json +63 -0
- data/lib/data/1.12/vulnerability-rating-taxonomy.json +2493 -0
- data/lib/vrt/version.rb +1 -1
- metadata +12 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ad7853bb899f29e3541e80a043b22877f1bb009cfbb3d4684c9aeb8133502881
|
4
|
+
data.tar.gz: 7a925e791ca120d97320dcd3ae0685cadf4930ef9ea23a479fdc14cbc492c944
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7be29ba5599703296f7209a1f7e8139d2f800a7eaf3c216d3849233fc507da5a83602695389e23b1fc1c19898502fe6b83c7ddf99c23849cd2865b8d46beed42
|
7
|
+
data.tar.gz: b28cb198f22ea5e75f106d7aa00a7a0db5d85cf18e8013cd29b63c16546c3470a65793d8ac5e913ac7044636600758a8bc2e95566bf8d9df29e3077f739b7946
|
@@ -0,0 +1,236 @@
|
|
1
|
+
{
|
2
|
+
"poor_physical_security": {
|
3
|
+
"1.1": "other"
|
4
|
+
},
|
5
|
+
"social_engineering": {
|
6
|
+
"1.1": "other"
|
7
|
+
},
|
8
|
+
"unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
|
9
|
+
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
|
10
|
+
},
|
11
|
+
"unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
|
12
|
+
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
|
13
|
+
},
|
14
|
+
"unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
|
15
|
+
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
|
16
|
+
},
|
17
|
+
"broken_authentication_and_session_management.session_token_in_url.over_https": {
|
18
|
+
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
|
19
|
+
},
|
20
|
+
"broken_authentication_and_session_management.session_token_in_url.over_http": {
|
21
|
+
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
|
22
|
+
},
|
23
|
+
"broken_authentication_and_session_management.session_token_in_url": {
|
24
|
+
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
|
25
|
+
},
|
26
|
+
"insecure_data_transport": {
|
27
|
+
"1.2": "mobile_security_misconfiguration"
|
28
|
+
},
|
29
|
+
"insecure_data_transport.ssl_certificate_pinning": {
|
30
|
+
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
|
31
|
+
},
|
32
|
+
"insecure_data_transport.ssl_certificate_pinning.absent": {
|
33
|
+
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
|
34
|
+
},
|
35
|
+
"insecure_data_transport.ssl_certificate_pinning.defeatable": {
|
36
|
+
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
|
37
|
+
},
|
38
|
+
"insecure_data_storage.credentials_stored_unencrypted": {
|
39
|
+
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
|
40
|
+
},
|
41
|
+
"insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
|
42
|
+
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
|
43
|
+
},
|
44
|
+
"insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
|
45
|
+
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
|
46
|
+
},
|
47
|
+
"insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
|
48
|
+
"1.2": "insufficient_security_configurability.no_password_policy"
|
49
|
+
},
|
50
|
+
"missing_function_level_access_control": {
|
51
|
+
"1.3": "broken_access_control"
|
52
|
+
},
|
53
|
+
"missing_function_level_access_control.server_side_request_forgery_ssrf": {
|
54
|
+
"1.3": "broken_access_control.server_side_request_forgery_ssrf"
|
55
|
+
},
|
56
|
+
"missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
|
57
|
+
"1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
|
58
|
+
},
|
59
|
+
"missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
|
60
|
+
"1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
|
61
|
+
},
|
62
|
+
"missing_function_level_access_control.username_enumeration": {
|
63
|
+
"1.3": "broken_access_control.username_enumeration"
|
64
|
+
},
|
65
|
+
"missing_function_level_access_control.username_enumeration.data_leak": {
|
66
|
+
"1.3": "broken_access_control.username_enumeration.data_leak"
|
67
|
+
},
|
68
|
+
"missing_function_level_access_control.exposed_sensitive_android_intent": {
|
69
|
+
"1.3": "broken_access_control.exposed_sensitive_android_intent"
|
70
|
+
},
|
71
|
+
"missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
|
72
|
+
"1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
|
73
|
+
},
|
74
|
+
"insecure_direct_object_references_idor": {
|
75
|
+
"1.3": "broken_access_control.idor"
|
76
|
+
},
|
77
|
+
"broken_authentication_and_session_management.weak_login_function.over_http": {
|
78
|
+
"1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
|
79
|
+
},
|
80
|
+
"cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
|
81
|
+
"1.4": "cross_site_scripting_xss.ie_only.ie11"
|
82
|
+
},
|
83
|
+
"cross_site_scripting_xss.ie_only.older_version_ie10": {
|
84
|
+
"1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
|
85
|
+
},
|
86
|
+
"broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
|
87
|
+
"1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
|
88
|
+
},
|
89
|
+
"network_security_misconfiguration.telnet_enabled.credentials_required": {
|
90
|
+
"1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
|
91
|
+
},
|
92
|
+
"server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
|
93
|
+
"1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
|
94
|
+
},
|
95
|
+
"server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
|
96
|
+
"1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
|
97
|
+
},
|
98
|
+
"cross_site_scripting_xss.stored.admin_to_anyone": {
|
99
|
+
"1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
|
100
|
+
},
|
101
|
+
"server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
|
102
|
+
"1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
|
103
|
+
},
|
104
|
+
"server_security_misconfiguration.captcha_bypass": {
|
105
|
+
"1.5": "server_security_misconfiguration.captcha"
|
106
|
+
},
|
107
|
+
"server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
|
108
|
+
"1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
|
109
|
+
},
|
110
|
+
"server_security_misconfiguration.captcha_bypass.brute_force": {
|
111
|
+
"1.5": "server_security_misconfiguration.captcha.brute_force"
|
112
|
+
},
|
113
|
+
"broken_access_control.server_side_request_forgery_ssrf.internal": {
|
114
|
+
"1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact"
|
115
|
+
},
|
116
|
+
"server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": {
|
117
|
+
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain"
|
118
|
+
},
|
119
|
+
"server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": {
|
120
|
+
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
|
121
|
+
},
|
122
|
+
"server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": {
|
123
|
+
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
|
124
|
+
},
|
125
|
+
"server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": {
|
126
|
+
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
|
127
|
+
},
|
128
|
+
"server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": {
|
129
|
+
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain"
|
130
|
+
},
|
131
|
+
"broken_access_control.username_enumeration.data_leak": {
|
132
|
+
"1.7": "broken_access_control.username_enumeration.non_brute_force"
|
133
|
+
},
|
134
|
+
"insufficient_security_configurability.weak_2fa_implementation": {
|
135
|
+
"1.7": "insufficient_security_configurability.weak_two_fa_implementation"
|
136
|
+
},
|
137
|
+
"sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": {
|
138
|
+
"1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party"
|
139
|
+
},
|
140
|
+
"sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": {
|
141
|
+
"1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party"
|
142
|
+
},
|
143
|
+
"cross_site_scripting_xss.ie_only.ie11": {
|
144
|
+
"1.7": "cross_site_scripting_xss.ie_only.ie_eleven"
|
145
|
+
},
|
146
|
+
"cross_site_scripting_xss.ie_only.older_version_ie11": {
|
147
|
+
"1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven"
|
148
|
+
},
|
149
|
+
"sensitive_data_exposure.critically_sensitive_data.password_disclosure": {
|
150
|
+
"1.9": "sensitive_data_exposure.disclosure_of_secrets"
|
151
|
+
},
|
152
|
+
"sensitive_data_exposure.critically_sensitive_data.private_api_keys": {
|
153
|
+
"1.9": "sensitive_data_exposure.disclosure_of_secrets"
|
154
|
+
},
|
155
|
+
"sensitive_data_exposure.critically_sensitive_data": {
|
156
|
+
"1.9": "sensitive_data_exposure"
|
157
|
+
},
|
158
|
+
"insufficient_security_configurability.lack_of_verification_email": {
|
159
|
+
"1.10": "insufficient_security_configurability.verification_of_contact_method_not_required"
|
160
|
+
},
|
161
|
+
"broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default": {
|
162
|
+
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
|
163
|
+
},
|
164
|
+
"broken_authentication_and_session_management.weak_login_function.http_and_https_available": {
|
165
|
+
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
|
166
|
+
},
|
167
|
+
"broken_authentication_and_session_management.weak_login_function.lan_only": {
|
168
|
+
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
|
169
|
+
},
|
170
|
+
"cross_site_request_forgery_csrf.flash_based.high_impact": {
|
171
|
+
"1.10": "cross_site_request_forgery_csrf.flash_based"
|
172
|
+
},
|
173
|
+
"cross_site_request_forgery_csrf.flash_based.low_impact": {
|
174
|
+
"1.10": "cross_site_request_forgery_csrf.flash_based"
|
175
|
+
},
|
176
|
+
"automotive_security_misconfiguration.infotainment": {
|
177
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit"
|
178
|
+
},
|
179
|
+
"automotive_security_misconfiguration.infotainment.pii_leakage": {
|
180
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage"
|
181
|
+
},
|
182
|
+
"automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot": {
|
183
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot"
|
184
|
+
},
|
185
|
+
"automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot": {
|
186
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot"
|
187
|
+
},
|
188
|
+
"automotive_security_misconfiguration.infotainment.unauthorized_access_to_services": {
|
189
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services"
|
190
|
+
},
|
191
|
+
"automotive_security_misconfiguration.infotainment.source_code_dump": {
|
192
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump"
|
193
|
+
},
|
194
|
+
"automotive_security_misconfiguration.infotainment.dos_brick": {
|
195
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick"
|
196
|
+
},
|
197
|
+
"automotive_security_misconfiguration.infotainment.default_credentials": {
|
198
|
+
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials"
|
199
|
+
},
|
200
|
+
"broken_cryptography": {
|
201
|
+
"1.11": "other"
|
202
|
+
},
|
203
|
+
"broken_cryptography.cryptographic_flaw": {
|
204
|
+
"1.11": "other"
|
205
|
+
},
|
206
|
+
"broken_cryptography.cryptographic_flaw.incorrect_usage": {
|
207
|
+
"1.11": "other"
|
208
|
+
},
|
209
|
+
"cross_site_scripting_xss.ie_only.ie_eleven": {
|
210
|
+
"1.11": "other"
|
211
|
+
},
|
212
|
+
"cross_site_scripting_xss.ie_only.older_version_ie_eleven": {
|
213
|
+
"1.11": "cross_site_scripting_xss.ie_only"
|
214
|
+
},
|
215
|
+
"cross_site_scripting_xss.ie_only.xss_filter_disabled": {
|
216
|
+
"1.11": "other"
|
217
|
+
},
|
218
|
+
"automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": {
|
219
|
+
"1.11": "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure"
|
220
|
+
},
|
221
|
+
"broken_access_control.server_side_request_forgery_ssrf": {
|
222
|
+
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf"
|
223
|
+
},
|
224
|
+
"broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": {
|
225
|
+
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact"
|
226
|
+
},
|
227
|
+
"broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": {
|
228
|
+
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact"
|
229
|
+
},
|
230
|
+
"broken_access_control.server_side_request_forgery_ssrf.dns_query_only": {
|
231
|
+
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only"
|
232
|
+
},
|
233
|
+
"broken_access_control.server_side_request_forgery_ssrf.external": {
|
234
|
+
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact"
|
235
|
+
}
|
236
|
+
}
|