vrt 0.13.7 → 0.13.8

Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/lib/data/1.18.1/deprecated-node-mapping.json +341 -0
  3. data/lib/data/1.18.1/mappings/cvss_v3/cvss_v3.json +1602 -0
  4. data/lib/data/1.18.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.18.1/mappings/cvss_v4/cvss_v4.json +2521 -0
  6. data/lib/data/1.18.1/mappings/cvss_v4/cvss_v4.schema.json +62 -0
  7. data/lib/data/1.18.1/mappings/cwe/cwe.json +1363 -0
  8. data/lib/data/1.18.1/mappings/cwe/cwe.schema.json +63 -0
  9. data/lib/data/1.18.1/mappings/remediation_advice/remediation_advice.json +2300 -0
  10. data/lib/data/1.18.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  11. data/lib/data/1.18.1/scw_links.json +583 -0
  12. data/lib/data/1.18.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +583 -0
  13. data/lib/data/1.18.1/vrt.schema.json +63 -0
  14. data/lib/data/1.18.1/vulnerability-rating-taxonomy.json +3638 -0
  15. data/lib/data/1.19/deprecated-node-mapping.json +341 -0
  16. data/lib/data/1.19/mappings/cvss_v3/cvss_v3.json +1602 -0
  17. data/lib/data/1.19/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  18. data/lib/data/1.19/mappings/cvss_v4/cvss_v4.json +2521 -0
  19. data/lib/data/1.19/mappings/cvss_v4/cvss_v4.schema.json +62 -0
  20. data/lib/data/1.19/mappings/cwe/cwe.json +1363 -0
  21. data/lib/data/1.19/mappings/cwe/cwe.schema.json +63 -0
  22. data/lib/data/1.19/mappings/remediation_advice/remediation_advice.json +2300 -0
  23. data/lib/data/1.19/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  24. data/lib/data/1.19/third-party-mappings/remediation_training/secure-code-warrior-links.json +583 -0
  25. data/lib/data/1.19/vrt.schema.json +63 -0
  26. data/lib/data/1.19/vulnerability-rating-taxonomy.json +3638 -0
  27. data/lib/vrt/version.rb +1 -1
  28. metadata +28 -3
@@ -0,0 +1,1363 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "ai_application_security",
8
+ "cwe": null
9
+ },
10
+ {
11
+ "id": "algorithmic_biases",
12
+ "cwe": null,
13
+ "children": [
14
+ {
15
+ "id": "aggregation_bias",
16
+ "cwe": null
17
+ },
18
+ {
19
+ "id": "processing_bias",
20
+ "cwe": null
21
+ }
22
+ ]
23
+ },
24
+ {
25
+ "id": "application_level_denial_of_service_dos",
26
+ "cwe": [
27
+ "CWE-400"
28
+ ]
29
+ },
30
+ {
31
+ "id": "automotive_security_misconfiguration",
32
+ "cwe": null,
33
+ "children": [
34
+ {
35
+ "id": "abs",
36
+ "cwe": null
37
+ },
38
+ {
39
+ "id": "battery_management_system",
40
+ "cwe": null
41
+ },
42
+ {
43
+ "id": "can",
44
+ "cwe": null
45
+ },
46
+ {
47
+ "id": "gnss_gps",
48
+ "cwe": null
49
+ },
50
+ {
51
+ "id": "immobilizer",
52
+ "cwe": null
53
+ },
54
+ {
55
+ "id": "infotainment_radio_head_unit",
56
+ "cwe": null
57
+ },
58
+ {
59
+ "id": "rf_hub",
60
+ "cwe": null
61
+ },
62
+ {
63
+ "id": "rsu",
64
+ "cwe": null
65
+ }
66
+ ]
67
+ },
68
+ {
69
+ "id": "blockchain_infrastructure_misconfiguration",
70
+ "cwe": null
71
+ },
72
+ {
73
+ "id": "broken_access_control",
74
+ "cwe": [
75
+ "CWE-723"
76
+ ],
77
+ "children": [
78
+ {
79
+ "id": "exposed_sensitive_android_intent",
80
+ "cwe": [
81
+ "CWE-927"
82
+ ]
83
+ },
84
+ {
85
+ "id": "exposed_sensitive_ios_url_scheme",
86
+ "cwe": [
87
+ "CWE-939"
88
+ ]
89
+ },
90
+ {
91
+ "id": "idor",
92
+ "cwe": [
93
+ "CWE-932"
94
+ ]
95
+ },
96
+ {
97
+ "id": "privilege_escalation",
98
+ "cwe": [
99
+ "CWE-269"
100
+ ]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": [
105
+ "CWE-200"
106
+ ]
107
+ }
108
+ ]
109
+ },
110
+ {
111
+ "id": "broken_authentication_and_session_management",
112
+ "cwe": [
113
+ "CWE-930"
114
+ ],
115
+ "children": [
116
+ {
117
+ "id": "authentication_bypass",
118
+ "cwe": [
119
+ "CWE-287"
120
+ ]
121
+ },
122
+ {
123
+ "id": "cleartext_transmission_of_session_token",
124
+ "cwe": [
125
+ "CWE-319"
126
+ ]
127
+ },
128
+ {
129
+ "id": "concurrent_logins",
130
+ "cwe": [
131
+ "CWE-1018"
132
+ ]
133
+ },
134
+ {
135
+ "id": "failure_to_invalidate_session",
136
+ "cwe": [
137
+ "CWE-613"
138
+ ]
139
+ },
140
+ {
141
+ "id": "session_fixation",
142
+ "cwe": [
143
+ "CWE-384"
144
+ ]
145
+ },
146
+ {
147
+ "id": "two_fa_bypass",
148
+ "cwe": [
149
+ "CWE-304"
150
+ ]
151
+ },
152
+ {
153
+ "id": "weak_login_function",
154
+ "cwe": [
155
+ "CWE-523"
156
+ ]
157
+ },
158
+ {
159
+ "id": "weak_registration_implementation",
160
+ "children": [
161
+ {
162
+ "id": "over_http",
163
+ "cwe": [
164
+ "CWE-311"
165
+ ]
166
+ }
167
+ ]
168
+ },
169
+ {
170
+ "id": "excessive_jwt_lifetime",
171
+ "cwe": null
172
+ },
173
+ {
174
+ "id": "secret_questions_account_verification",
175
+ "cwe": null
176
+ }
177
+ ]
178
+ },
179
+ {
180
+ "id": "client_side_injection",
181
+ "cwe": [
182
+ "CWE-929"
183
+ ]
184
+ },
185
+ {
186
+ "id": "cross_site_request_forgery_csrf",
187
+ "cwe": [
188
+ "CWE-352"
189
+ ]
190
+ },
191
+ {
192
+ "id": "cross_site_scripting_xss",
193
+ "cwe": [
194
+ "CWE-79"
195
+ ]
196
+ },
197
+ {
198
+ "id": "cryptographic_weakness",
199
+ "cwe": [
200
+ "CWE-310",
201
+ "CWE-1205"
202
+ ],
203
+ "children": [
204
+ {
205
+ "id": "broken_cryptography",
206
+ "cwe": [
207
+ "CWE-327"
208
+ ],
209
+ "children": [
210
+ {
211
+ "id": "use_of_broken_cryptographic_primitive",
212
+ "cwe": [
213
+ "CWE-327"
214
+ ]
215
+ },
216
+ {
217
+ "id": "use_of_vulnerable_cryptographic_library",
218
+ "cwe": [
219
+ "CWE-327"
220
+ ]
221
+ }
222
+ ]
223
+ },
224
+ {
225
+ "id": "incomplete_cleanup_of_keying_material",
226
+ "cwe": [
227
+ "CWE-459"
228
+ ]
229
+ },
230
+ {
231
+ "id": "insecure_implementation",
232
+ "cwe": [
233
+ "CWE-573"
234
+ ],
235
+ "children": [
236
+ {
237
+ "id": "improper_following_of_specification",
238
+ "cwe": [
239
+ "CWE-358",
240
+ "CWE-573"
241
+ ]
242
+ },
243
+ {
244
+ "id": "missing_cryptographic_step",
245
+ "cwe": [
246
+ "CWE-325"
247
+ ]
248
+ }
249
+ ]
250
+ },
251
+ {
252
+ "id": "insecure_key_generation",
253
+ "cwe": null,
254
+ "children": [
255
+ {
256
+ "id": "improper_asymmetric_exponent_selection",
257
+ "cwe": [
258
+ "CWE-326",
259
+ "CWE-1240"
260
+ ]
261
+ },
262
+ {
263
+ "id": "improper_asymmetric_prime_selection",
264
+ "cwe": [
265
+ "CWE-326",
266
+ "CWE-1240"
267
+ ]
268
+ },
269
+ {
270
+ "id": "insufficient_key_space",
271
+ "cwe": [
272
+ "CWE-326",
273
+ "CWE-331",
274
+ "CWE-1240"
275
+ ]
276
+ },
277
+ {
278
+ "id": "insufficient_key_stretching",
279
+ "cwe": [
280
+ "CWE-326",
281
+ "CWE-1240"
282
+ ]
283
+ },
284
+ {
285
+ "id": "key_exchange_without_entity_authentication",
286
+ "cwe": [
287
+ "CWE-322"
288
+ ]
289
+ }
290
+ ]
291
+ },
292
+ {
293
+ "id": "insufficient_entropy",
294
+ "cwe": [
295
+ "CWE-330",
296
+ "CWE-331"
297
+ ],
298
+ "children": [
299
+ {
300
+ "id": "initialization_vector_reuse",
301
+ "cwe": [
302
+ "CWE-1204"
303
+ ]
304
+ },
305
+ {
306
+ "id": "limited_rng_entropy_source",
307
+ "cwe": [
308
+ "CWE-338",
309
+ "CWE-332"
310
+ ]
311
+ },
312
+ {
313
+ "id": "predictable_initialization_vector",
314
+ "cwe": [
315
+ "CWE-340"
316
+ ]
317
+ },
318
+ {
319
+ "id": "predictable_prng_seed",
320
+ "cwe": [
321
+ "CWE-337"
322
+ ]
323
+ },
324
+ {
325
+ "id": "prng_seed_reuse",
326
+ "cwe": [
327
+ "CWE-336"
328
+ ]
329
+ },
330
+ {
331
+ "id": "small_seed_space_in_prng",
332
+ "cwe": [
333
+ "CWE-339",
334
+ "CWE-334"
335
+ ]
336
+ },
337
+ {
338
+ "id": "use_of_trng_for_nonsecurity_purpose",
339
+ "cwe": [
340
+ "CWE-333"
341
+ ]
342
+ }
343
+ ]
344
+ },
345
+ {
346
+ "id": "insufficient_verification_of_data_authenticity",
347
+ "cwe": [
348
+ "CWE-345"
349
+ ],
350
+ "children": [
351
+ {
352
+ "id": "cryptographic_signature",
353
+ "cwe": [
354
+ "CWE-347"
355
+ ]
356
+ },
357
+ {
358
+ "id": "identity_check_value",
359
+ "cwe": [
360
+ "CWE-353",
361
+ "CWE-354",
362
+ "CWE-924"
363
+ ]
364
+ }
365
+ ]
366
+ },
367
+ {
368
+ "id": "key_reuse",
369
+ "cwe": [
370
+ "CWE-323"
371
+ ],
372
+ "children": [
373
+ {
374
+ "id": "inter_environment",
375
+ "cwe": [
376
+ "CWE-323"
377
+ ]
378
+ },
379
+ {
380
+ "id": "intra_environment",
381
+ "cwe": [
382
+ "CWE-323"
383
+ ]
384
+ },
385
+ {
386
+ "id": "lack_of_perfect_forward_secrecy",
387
+ "cwe": [
388
+ "CWE-323"
389
+ ]
390
+ }
391
+ ]
392
+ },
393
+ {
394
+ "id": "side_channel_attack",
395
+ "cwe": [
396
+ "CWE-203",
397
+ "CWE-1300"
398
+ ],
399
+ "children": [
400
+ {
401
+ "id": "differential_fault_analysis",
402
+ "cwe": [
403
+ "CWE-204",
404
+ "CWE-205"
405
+ ]
406
+ },
407
+ {
408
+ "id": "emanations_attack",
409
+ "cwe": [
410
+ "CWE-1300"
411
+ ]
412
+ },
413
+ {
414
+ "id": "padding_oracle_attack",
415
+ "cwe": [
416
+ "CWE-780"
417
+ ]
418
+ },
419
+ {
420
+ "id": "power_analysis_attack",
421
+ "cwe": [
422
+ "CWE-1300"
423
+ ]
424
+ },
425
+ {
426
+ "id": "timing_attack",
427
+ "cwe": [
428
+ "CWE-208"
429
+ ]
430
+ }
431
+ ]
432
+ },
433
+ {
434
+ "id": "use_of_expired_cryptographic_key_or_cert",
435
+ "cwe": [
436
+ "CWE-295",
437
+ "CWE-298",
438
+ "CWE-299",
439
+ "CWE-324"
440
+ ]
441
+ },
442
+ {
443
+ "id": "weak_hash",
444
+ "cwe": [
445
+ "CWE-328"
446
+ ],
447
+ "children": [
448
+ {
449
+ "id": "lack_of_salt",
450
+ "cwe": [
451
+ "CWE-759",
452
+ "CWE-916"
453
+ ]
454
+ },
455
+ {
456
+ "id": "predictable_hash_collision",
457
+ "cwe": [
458
+ "CWE-328"
459
+ ]
460
+ },
461
+ {
462
+ "id": "use_of_predictable_salt",
463
+ "cwe": [
464
+ "CWE-760"
465
+ ]
466
+ }
467
+ ]
468
+ }
469
+ ]
470
+ },
471
+ {
472
+ "id": "data_biases",
473
+ "cwe": null,
474
+ "children": [
475
+ {
476
+ "id": "pre_existing_bias",
477
+ "cwe": null
478
+ },
479
+ {
480
+ "id": "representation_bias",
481
+ "cwe": null
482
+ }
483
+ ]
484
+ },
485
+ {
486
+ "id": "decentralized_application_misconfiguration",
487
+ "cwe": null
488
+ },
489
+ {
490
+ "id": "developer_biases",
491
+ "cwe": null,
492
+ "children": [
493
+ {
494
+ "id": "implicit_bias",
495
+ "cwe": null
496
+ }
497
+ ]
498
+ },
499
+ {
500
+ "id": "external_behavior",
501
+ "cwe": null
502
+ },
503
+ {
504
+ "id": "indicators_of_compromise",
505
+ "cwe": null
506
+ },
507
+ {
508
+ "id": "insecure_data_storage",
509
+ "cwe": [
510
+ "CWE-729",
511
+ "CWE-922"
512
+ ],
513
+ "children": [
514
+ {
515
+ "id": "non_sensitive_application_data_stored_unencrypted",
516
+ "cwe": [
517
+ "CWE-312"
518
+ ]
519
+ },
520
+ {
521
+ "id": "sensitive_application_data_stored_unencrypted",
522
+ "cwe": [
523
+ "CWE-312"
524
+ ]
525
+ },
526
+ {
527
+ "id": "server_side_credentials_storage",
528
+ "cwe": [
529
+ "CWE-522"
530
+ ],
531
+ "children": [
532
+ {
533
+ "id": "plaintext",
534
+ "cwe": [
535
+ "CWE-256"
536
+ ]
537
+ }
538
+ ]
539
+ }
540
+ ]
541
+ },
542
+ {
543
+ "id": "insecure_data_transport",
544
+ "cwe": [
545
+ "CWE-311",
546
+ "CWE-319"
547
+ ],
548
+ "children": [
549
+ {
550
+ "id": "cleartext_transmission_of_sensitive_data",
551
+ "cwe": [
552
+ "CWE-319"
553
+ ]
554
+ },
555
+ {
556
+ "id": "executable_download",
557
+ "children": [
558
+ {
559
+ "id": "no_secure_integrity_check",
560
+ "cwe": [
561
+ "CWE-353",
562
+ "CWE-354",
563
+ "CWE-494"
564
+ ]
565
+ }
566
+ ]
567
+ }
568
+ ]
569
+ },
570
+ {
571
+ "id": "insecure_os_firmware",
572
+ "children": [
573
+ {
574
+ "id": "command_injection",
575
+ "cwe": [
576
+ "CWE-77"
577
+ ]
578
+ },
579
+ {
580
+ "id": "data_not_encrypted_at_rest",
581
+ "children": [
582
+ {
583
+ "id": "non_sensitive",
584
+ "cwe": [
585
+ "CWE-311"
586
+ ]
587
+ },
588
+ {
589
+ "id": "sensitive",
590
+ "cwe": [
591
+ "CWE-311"
592
+ ]
593
+ }
594
+ ]
595
+ },
596
+ {
597
+ "id": "failure_to_remove_sensitive_artifacts_from_disk",
598
+ "cwe": [
599
+ "CWE-459"
600
+ ]
601
+ },
602
+ {
603
+ "id": "hardcoded_password",
604
+ "cwe": [
605
+ "CWE-259"
606
+ ]
607
+ },
608
+ {
609
+ "id": "kiosk_escape_or_breakout",
610
+ "cwe": [
611
+ "CWE-284"
612
+ ]
613
+ },
614
+ {
615
+ "id": "local_administrator_on_default_environment",
616
+ "cwe": [
617
+ "CWE-276"
618
+ ]
619
+ },
620
+ {
621
+ "id": "over_permissioned_credentials_on_storage",
622
+ "cwe": [
623
+ "CWE-250"
624
+ ]
625
+ },
626
+ {
627
+ "id": "poorly_configured_disk_encryption",
628
+ "cwe": [
629
+ "CWE-326"
630
+ ]
631
+ },
632
+ {
633
+ "id": "poorly_configured_operating_system_security",
634
+ "cwe": [
635
+ "CWE-16"
636
+ ]
637
+ },
638
+ {
639
+ "id": "recovery_of_disk_contains_sensitive_material",
640
+ "cwe": [
641
+ "CWE-522"
642
+ ]
643
+ },
644
+ {
645
+ "id": "shared_credentials_on_storage",
646
+ "cwe": [
647
+ "CWE-798"
648
+ ]
649
+ },
650
+ {
651
+ "id": "weakness_in_firmware_updates",
652
+ "children": [
653
+ {
654
+ "id": "firmware_cannot_be_updated",
655
+ "cwe": [
656
+ "CWE-434"
657
+ ]
658
+ },
659
+ {
660
+ "id": "firmware_does_not_validate_update_integrity",
661
+ "cwe": [
662
+ "CWE-434"
663
+ ]
664
+ },
665
+ {
666
+ "id": "firmware_is_not_encrypted",
667
+ "cwe": [
668
+ "CWE-434"
669
+ ]
670
+ }
671
+ ]
672
+ }
673
+ ]
674
+ },
675
+ {
676
+ "id": "insufficient_security_configurability",
677
+ "cwe": [
678
+ "CWE-16"
679
+ ],
680
+ "children": [
681
+ {
682
+ "id": "no_password_policy",
683
+ "cwe": [
684
+ "CWE-521"
685
+ ]
686
+ },
687
+ {
688
+ "id": "password_policy_bypass",
689
+ "cwe": [
690
+ "CWE-521"
691
+ ]
692
+ },
693
+ {
694
+ "id": "weak_password_policy",
695
+ "cwe": [
696
+ "CWE-521"
697
+ ]
698
+ },
699
+ {
700
+ "id": "weak_password_reset_implementation",
701
+ "cwe": [
702
+ "CWE-640"
703
+ ]
704
+ },
705
+ {
706
+ "id": "no_two_fa_implementation",
707
+ "cwe": null
708
+ },
709
+ {
710
+ "id": "no_account_lockout",
711
+ "cwe": null
712
+ },
713
+ {
714
+ "id": "weak_jwt_hashing_algorithm",
715
+ "cwe": null
716
+ }
717
+ ]
718
+ },
719
+ {
720
+ "id": "lack_of_binary_hardening",
721
+ "cwe": [
722
+ "CWE-693"
723
+ ]
724
+ },
725
+ {
726
+ "id": "misinterpretation_biases",
727
+ "cwe": null,
728
+ "children": [
729
+ {
730
+ "id": "context_ignorance",
731
+ "cwe": null
732
+ }
733
+ ]
734
+ },
735
+ {
736
+ "id": "mobile_security_misconfiguration",
737
+ "cwe": [
738
+ "CWE-919"
739
+ ]
740
+ },
741
+ {
742
+ "id": "network_security_misconfiguration",
743
+ "cwe": [
744
+ "CWE-16"
745
+ ]
746
+ },
747
+ {
748
+ "id": "physical_security_issues",
749
+ "children": [
750
+ {
751
+ "id": "bypass_of_physical_access_control",
752
+ "cwe": [
753
+ "CWE-1300"
754
+ ]
755
+ },
756
+ {
757
+ "id": "weakness_in_physical_access_control",
758
+ "children": [
759
+ {
760
+ "id": "cloneable_key",
761
+ "cwe": [
762
+ "CWE-1300"
763
+ ]
764
+ },
765
+ {
766
+ "id": "commonly_keyed_system",
767
+ "cwe": [
768
+ "CWE-284"
769
+ ]
770
+ },
771
+ {
772
+ "id": "master_key_identification",
773
+ "cwe": [
774
+ "CWE-284"
775
+ ]
776
+ }
777
+ ]
778
+ }
779
+ ]
780
+ },
781
+ {
782
+ "id": "privacy_concerns",
783
+ "cwe": [
784
+ "CWE-359"
785
+ ]
786
+ },
787
+ {
788
+ "id": "protocol_specific_misconfiguration",
789
+ "cwe": null
790
+ },
791
+ {
792
+ "id": "sensitive_data_exposure",
793
+ "cwe": [
794
+ "CWE-934"
795
+ ],
796
+ "children": [
797
+ {
798
+ "id": "disclosure_of_known_public_information",
799
+ "cwe": [
800
+ "CWE-200"
801
+ ]
802
+ },
803
+ {
804
+ "id": "disclosure_of_secrets",
805
+ "children": [
806
+ {
807
+ "id": "pii_leakage_exposure",
808
+ "cwe": [
809
+ "CWE-200"
810
+ ]
811
+ },
812
+ {
813
+ "id": "sensitive_information_disclosed_jwt",
814
+ "cwe": null
815
+ },
816
+ {
817
+ "id": "publicly_accessible_robots",
818
+ "cwe": null
819
+ }
820
+ ]
821
+ },
822
+ {
823
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
824
+ "cwe": [
825
+ "CWE-200"
826
+ ]
827
+ },
828
+ {
829
+ "id": "graphql_introspection_enabled",
830
+ "cwe": [
831
+ "CWE-200"
832
+ ]
833
+ },
834
+ {
835
+ "id": "non_sensitive_token_in_url",
836
+ "cwe": [
837
+ "CWE-200"
838
+ ]
839
+ },
840
+ {
841
+ "id": "sensitive_token_in_url",
842
+ "cwe": [
843
+ "CWE-200"
844
+ ]
845
+ },
846
+ {
847
+ "id": "token_leakage_via_referer",
848
+ "cwe": [
849
+ "CWE-200"
850
+ ]
851
+ },
852
+ {
853
+ "id": "via_localstorage_sessionstorage",
854
+ "cwe": [
855
+ "CWE-922"
856
+ ]
857
+ },
858
+ {
859
+ "id": "visible_detailed_error_page",
860
+ "cwe": [
861
+ "CWE-209",
862
+ "CWE-215"
863
+ ]
864
+ },
865
+ {
866
+ "id": "weak_password_reset_implementation",
867
+ "cwe": [
868
+ "CWE-640"
869
+ ]
870
+ }
871
+ ]
872
+ },
873
+ {
874
+ "id": "server_security_misconfiguration",
875
+ "cwe": [
876
+ "CWE-16"
877
+ ],
878
+ "children": [
879
+ {
880
+ "id": "cache_poisoning",
881
+ "cwe": [
882
+ "CWE-444"
883
+ ]
884
+ },
885
+ {
886
+ "id": "captcha",
887
+ "cwe": [
888
+ "CWE-804"
889
+ ]
890
+ },
891
+ {
892
+ "id": "clickjacking",
893
+ "cwe": [
894
+ "CWE-451"
895
+ ]
896
+ },
897
+ {
898
+ "id": "dbms_misconfiguration",
899
+ "children": [
900
+ {
901
+ "id": "excessively_privileged_user_dba",
902
+ "cwe": [
903
+ "CWE-250"
904
+ ]
905
+ }
906
+ ]
907
+ },
908
+ {
909
+ "id": "directory_listing_enabled",
910
+ "cwe": [
911
+ "CWE-548"
912
+ ]
913
+ },
914
+ {
915
+ "id": "insecure_ssl",
916
+ "children": [
917
+ {
918
+ "id": "insecure_cipher_suite",
919
+ "cwe": [
920
+ "CWE-326"
921
+ ]
922
+ }
923
+ ]
924
+ },
925
+ {
926
+ "id": "lack_of_password_confirmation",
927
+ "children": [
928
+ {
929
+ "id": "change_password",
930
+ "cwe": [
931
+ "CWE-620"
932
+ ]
933
+ }
934
+ ]
935
+ },
936
+ {
937
+ "id": "lack_of_security_headers",
938
+ "children": [
939
+ {
940
+ "id": "cache_control_for_a_non_sensitive_page",
941
+ "cwe": [
942
+ "CWE-525"
943
+ ]
944
+ },
945
+ {
946
+ "id": "cache_control_for_a_sensitive_page",
947
+ "cwe": [
948
+ "CWE-525"
949
+ ]
950
+ }
951
+ ]
952
+ },
953
+ {
954
+ "id": "misconfigured_dns",
955
+ "children": [
956
+ {
957
+ "id": "zone_transfer",
958
+ "cwe": [
959
+ "CWE-669"
960
+ ]
961
+ }
962
+ ]
963
+ },
964
+ {
965
+ "id": "missing_secure_or_httponly_cookie_flag",
966
+ "cwe": [
967
+ "CWE-614",
968
+ "CWE-1004"
969
+ ]
970
+ },
971
+ {
972
+ "id": "no_rate_limiting_on_form",
973
+ "cwe": [
974
+ "CWE-799"
975
+ ],
976
+ "children": [
977
+ {
978
+ "id": "login",
979
+ "cwe": [
980
+ "CWE-307"
981
+ ]
982
+ }
983
+ ]
984
+ },
985
+ {
986
+ "id": "oauth_misconfiguration",
987
+ "cwe": [
988
+ "CWE-303"
989
+ ],
990
+ "children": [
991
+ {
992
+ "id": "insecure_redirect_uri",
993
+ "cwe": [
994
+ "CWE-601"
995
+ ]
996
+ },
997
+ {
998
+ "id": "missing_state_parameter",
999
+ "cwe": [
1000
+ "CWE-352"
1001
+ ]
1002
+ }
1003
+ ]
1004
+ },
1005
+ {
1006
+ "id": "path_traversal",
1007
+ "cwe": [
1008
+ "CWE-22",
1009
+ "CWE-73"
1010
+ ]
1011
+ },
1012
+ {
1013
+ "id": "race_condition",
1014
+ "cwe": [
1015
+ "CWE-362",
1016
+ "CWE-366",
1017
+ "CWE-368",
1018
+ "CWE-421"
1019
+ ]
1020
+ },
1021
+ {
1022
+ "id": "request_smuggling",
1023
+ "cwe": [
1024
+ "CWE-444"
1025
+ ]
1026
+ },
1027
+ {
1028
+ "id": "server_side_request_forgery_ssrf",
1029
+ "cwe": [
1030
+ "CWE-918",
1031
+ "CWE-441"
1032
+ ],
1033
+ "children": [
1034
+ {
1035
+ "id": "internal_secrets_exposure",
1036
+ "cwe": null
1037
+ },
1038
+ {
1039
+ "id": "internal_data_exposure",
1040
+ "cwe": null
1041
+ },
1042
+ {
1043
+ "id": "internal_port_service_scan",
1044
+ "cwe": null
1045
+ },
1046
+ {
1047
+ "id": "internal_exposure_presence_data_secrets",
1048
+ "cwe": null
1049
+ },
1050
+ {
1051
+ "id": "internal_port_scan_only",
1052
+ "cwe": null
1053
+ }
1054
+ ]
1055
+ },
1056
+ {
1057
+ "id": "ssl_attack_breach_poodle_etc",
1058
+ "cwe": [
1059
+ "CWE-310"
1060
+ ]
1061
+ },
1062
+ {
1063
+ "id": "unsafe_cross_origin_resource_sharing",
1064
+ "cwe": [
1065
+ "CWE-942"
1066
+ ]
1067
+ },
1068
+ {
1069
+ "id": "unsafe_file_upload",
1070
+ "children": [
1071
+ {
1072
+ "id": "file_extension_filter_bypass",
1073
+ "cwe": [
1074
+ "CWE-434",
1075
+ "CWE-646"
1076
+ ]
1077
+ }
1078
+ ]
1079
+ },
1080
+ {
1081
+ "id": "username_enumeration",
1082
+ "cwe": [
1083
+ "CWE-204"
1084
+ ]
1085
+ },
1086
+ {
1087
+ "id": "using_default_credentials",
1088
+ "cwe": [
1089
+ "CWE-255",
1090
+ "CWE-521"
1091
+ ]
1092
+ },
1093
+ {
1094
+ "id": "misconfigured_file_share",
1095
+ "children": [
1096
+ {
1097
+ "id": "anonymous_ftp_enabled",
1098
+ "cwe": null
1099
+ },
1100
+ {
1101
+ "id": "anonymous_smb_enabled",
1102
+ "cwe": null
1103
+ },
1104
+ {
1105
+ "id": "non_sensitive_data_exposure_ftp_smb",
1106
+ "cwe": null
1107
+ }
1108
+ ]
1109
+ },
1110
+ {
1111
+ "id": "fingerprinting_banner_disclosure",
1112
+ "children": [
1113
+ {
1114
+ "id": "software_version_in_response_headers",
1115
+ "cwe": null
1116
+ }
1117
+ ]
1118
+ },
1119
+ {
1120
+ "id": "misconfigured_security_headers",
1121
+ "children": [
1122
+ {
1123
+ "id": "insecure_csp",
1124
+ "cwe": null
1125
+ }
1126
+ ]
1127
+ }
1128
+ ]
1129
+ },
1130
+ {
1131
+ "id": "server_side_injection",
1132
+ "cwe": [
1133
+ "CWE-929"
1134
+ ],
1135
+ "children": [
1136
+ {
1137
+ "id": "content_spoofing",
1138
+ "cwe": [
1139
+ "CWE-451"
1140
+ ],
1141
+ "children": [
1142
+ {
1143
+ "id": "homograph_idn_based",
1144
+ "cwe": [
1145
+ "CWE-1007"
1146
+ ]
1147
+ },
1148
+ {
1149
+ "id": "self_email_html_injection",
1150
+ "cwe": null
1151
+ }
1152
+ ]
1153
+ },
1154
+ {
1155
+ "id": "file_inclusion",
1156
+ "cwe": [
1157
+ "CWE-73",
1158
+ "CWE-714"
1159
+ ]
1160
+ },
1161
+ {
1162
+ "id": "http_response_manipulation",
1163
+ "children": [
1164
+ {
1165
+ "id": "response_splitting_crlf",
1166
+ "cwe": [
1167
+ "CWE-113"
1168
+ ]
1169
+ }
1170
+ ]
1171
+ },
1172
+ {
1173
+ "id": "ldap_injection",
1174
+ "cwe": [
1175
+ "CWE-90"
1176
+ ]
1177
+ },
1178
+ {
1179
+ "id": "remote_code_execution_rce",
1180
+ "cwe": [
1181
+ "CWE-77",
1182
+ "CWE-78",
1183
+ "CWE-94",
1184
+ "CWE-95"
1185
+ ]
1186
+ },
1187
+ {
1188
+ "id": "sql_injection",
1189
+ "cwe": [
1190
+ "CWE-89"
1191
+ ]
1192
+ },
1193
+ {
1194
+ "id": "ssti",
1195
+ "cwe": [
1196
+ "CWE-94"
1197
+ ]
1198
+ },
1199
+ {
1200
+ "id": "xml_external_entity_injection_xxe",
1201
+ "cwe": [
1202
+ "CWE-611"
1203
+ ]
1204
+ }
1205
+ ]
1206
+ },
1207
+ {
1208
+ "id": "smart_contract_misconfiguration",
1209
+ "cwe": null
1210
+ },
1211
+ {
1212
+ "id": "societal_biases",
1213
+ "cwe": null,
1214
+ "children": [
1215
+ {
1216
+ "id": "confirmation_bias",
1217
+ "cwe": null
1218
+ },
1219
+ {
1220
+ "id": "systemic_bias",
1221
+ "cwe": null
1222
+ }
1223
+ ]
1224
+ },
1225
+ {
1226
+ "id": "unvalidated_redirects_and_forwards",
1227
+ "cwe": [
1228
+ "CWE-601"
1229
+ ],
1230
+ "children": [
1231
+ {
1232
+ "id": "open_redirect",
1233
+ "cwe": [
1234
+ "CWE-601"
1235
+ ]
1236
+ },
1237
+ {
1238
+ "id": "tabnabbing",
1239
+ "cwe": [
1240
+ "CWE-1022"
1241
+ ]
1242
+ }
1243
+ ]
1244
+ },
1245
+ {
1246
+ "id": "using_components_with_known_vulnerabilities",
1247
+ "cwe": [
1248
+ "CWE-937"
1249
+ ],
1250
+ "children": [
1251
+ {
1252
+ "id": "unpatched_javascript_libraries",
1253
+ "cwe": null
1254
+ }
1255
+ ]
1256
+ },
1257
+ {
1258
+ "id": "zero_knowledge_security_misconfiguration",
1259
+ "cwe": null
1260
+ },
1261
+ {
1262
+ "id": "active_directory",
1263
+ "children": [
1264
+ {
1265
+ "id": "sscm_abuse",
1266
+ "children": [
1267
+ {
1268
+ "id": "pxe_boot_media_theft",
1269
+ "cwe": null
1270
+ },
1271
+ {
1272
+ "id": "distribution_point_anonymous_access",
1273
+ "cwe": null
1274
+ },
1275
+ {
1276
+ "id": "automatic_device_approval",
1277
+ "cwe": null
1278
+ },
1279
+ {
1280
+ "id": "ntlm_management_point_site_database",
1281
+ "cwe": null
1282
+ },
1283
+ {
1284
+ "id": "ntlm_site_server_site_systems",
1285
+ "cwe": null
1286
+ },
1287
+ {
1288
+ "id": "ntlm_automatic_push_installation",
1289
+ "cwe": null
1290
+ },
1291
+ {
1292
+ "id": "privileged_credentials_exposed",
1293
+ "cwe": null
1294
+ }
1295
+ ]
1296
+ },
1297
+ {
1298
+ "id": "kerberos_abuse",
1299
+ "children": [
1300
+ {
1301
+ "id": "domain_compromise_unconstrained_delegated",
1302
+ "cwe": null
1303
+ },
1304
+ {
1305
+ "id": "insecure_service_account_management",
1306
+ "cwe": null
1307
+ },
1308
+ {
1309
+ "id": "no_pre_authentication",
1310
+ "cwe": null
1311
+ }
1312
+ ]
1313
+ },
1314
+ {
1315
+ "id": "misconfigured_active_directory_certificate_services",
1316
+ "cwe": null
1317
+ },
1318
+ {
1319
+ "id": "configuration_weaknesses",
1320
+ "children": [
1321
+ {
1322
+ "id": "passwords_found_domain_description",
1323
+ "cwe": null
1324
+ },
1325
+ {
1326
+ "id": "weak_domain_password_policy",
1327
+ "cwe": null
1328
+ },
1329
+ {
1330
+ "id": "shared_administrator_passwords",
1331
+ "cwe": null
1332
+ },
1333
+ {
1334
+ "id": "excessive_domain_admin_membership",
1335
+ "cwe": null
1336
+ },
1337
+ {
1338
+ "id": "dormant_enabled_user_accounts",
1339
+ "cwe": null
1340
+ }
1341
+ ]
1342
+ },
1343
+ {
1344
+ "id": "sensitive_data_exposure",
1345
+ "children": [
1346
+ {
1347
+ "id": "ldap_anonymous_bind_enabled",
1348
+ "cwe": null
1349
+ },
1350
+ {
1351
+ "id": "sensitive_data_in_open_file_shares",
1352
+ "cwe": null
1353
+ }
1354
+ ]
1355
+ },
1356
+ {
1357
+ "id": "dacl_abuse",
1358
+ "cwe": null
1359
+ }
1360
+ ]
1361
+ }
1362
+ ]
1363
+ }
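Review bot: The three children of `weakness_in_firmware_updates` (gutter 654-669) are all mapped to CWE-434, which is the unrestricted-file-upload weakness and does not describe a device that cannot be updated, skips update integrity validation, or ships unencrypted firmware. At minimum `firmware_does_not_validate_update_integrity` should reuse the integrity set this same file already applies to `no_secure_integrity_check` (gutter 560-564), `"cwe": ["CWE-353", "CWE-354", "CWE-494"]`, and `firmware_cannot_be_updated` looks like a fit for CWE-1277 (Firmware Not Updateable) — confirm against the current CWE list before changing it. Two smaller consistency points: `username_enumeration` carries CWE-200 under `broken_access_control` (gutter 103-106) but CWE-204 under `server_security_misconfiguration` (gutter 1081-1084), and several `null` nodes have a weakness the file already uses elsewhere, e.g. `no_account_lockout` could be `"cwe": ["CWE-307"]` (used for the login rate-limit node) and `excessive_jwt_lifetime` could be `"cwe": ["CWE-613"]` (used for `failure_to_invalidate_session`). Note also that some nodes omit the `cwe` key entirely (`weak_registration_implementation`, `insecure_os_firmware`, `executable_download`) while others write `"cwe": null`; consumers will see those two shapes differently, so unless null-vs-absent is deliberately distinct here, pick one. Since the diffstat lists an identical 1363-line copy of this file under both 1.18.1 and 1.19, any correction has to land in both, and if the data is vendored verbatim from the upstream taxonomy it belongs there rather than in this gem.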