vrt 0.7.1 → 0.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (65) hide show
  1. checksums.yaml +5 -5
  2. data/lib/data/1.10.1/deprecated-node-mapping.json +200 -0
  3. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.json +1074 -0
  4. data/lib/data/1.10.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.10.1/mappings/cwe/cwe.json +477 -0
  6. data/lib/data/1.10.1/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.json +1543 -0
  8. data/lib/data/1.10.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.10.1/third-party-mappings/remediation_training/secure-code-warrior-links.json +348 -0
  10. data/lib/data/1.10.1/vrt.schema.json +63 -0
  11. data/lib/data/1.10.1/vulnerability-rating-taxonomy.json +2171 -0
  12. data/lib/data/1.10/deprecated-node-mapping.json +200 -0
  13. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.json +1074 -0
  14. data/lib/data/1.10/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  15. data/lib/data/1.10/mappings/cwe/cwe.json +477 -0
  16. data/lib/data/1.10/mappings/cwe/cwe.schema.json +63 -0
  17. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.json +1543 -0
  18. data/lib/data/1.10/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  19. data/lib/data/1.10/third-party-mappings/remediation_training/secure-code-warriors-links.json +348 -0
  20. data/lib/data/1.10/vrt.schema.json +63 -0
  21. data/lib/data/1.10/vulnerability-rating-taxonomy.json +2171 -0
  22. data/lib/data/1.7.1/deprecated-node-mapping.json +149 -0
  23. data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.json +928 -0
  24. data/lib/data/1.7.1/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  25. data/lib/data/1.7.1/mappings/cwe/cwe.json +441 -0
  26. data/lib/data/1.7.1/mappings/cwe/cwe.schema.json +63 -0
  27. data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.json +1354 -0
  28. data/lib/data/1.7.1/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  29. data/lib/data/1.7.1/vrt.schema.json +63 -0
  30. data/lib/data/1.7.1/vulnerability-rating-taxonomy.json +1937 -0
  31. data/lib/data/1.7/deprecated-node-mapping.json +149 -0
  32. data/lib/data/1.7/mappings/cvss_v3/cvss_v3.json +861 -0
  33. data/lib/data/1.7/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  34. data/lib/data/1.7/mappings/cwe/cwe.json +441 -0
  35. data/lib/data/1.7/mappings/cwe/cwe.schema.json +63 -0
  36. data/lib/data/1.7/mappings/remediation_advice/remediation_advice.json +1230 -0
  37. data/lib/data/1.7/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  38. data/lib/data/1.7/vrt.schema.json +63 -0
  39. data/lib/data/1.7/vulnerability-rating-taxonomy.json +1937 -0
  40. data/lib/data/1.8/deprecated-node-mapping.json +149 -0
  41. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json +935 -0
  42. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  43. data/lib/data/1.8/mappings/cwe/cwe.json +453 -0
  44. data/lib/data/1.8/mappings/cwe/cwe.schema.json +63 -0
  45. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.json +1381 -0
  46. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  47. data/lib/data/1.8/vrt.schema.json +63 -0
  48. data/lib/data/1.8/vulnerability-rating-taxonomy.json +1948 -0
  49. data/lib/data/1.9/deprecated-node-mapping.json +158 -0
  50. data/lib/data/1.9/mappings/cvss_v3/cvss_v3.json +1002 -0
  51. data/lib/data/1.9/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  52. data/lib/data/1.9/mappings/cwe/cwe.json +457 -0
  53. data/lib/data/1.9/mappings/cwe/cwe.schema.json +63 -0
  54. data/lib/data/1.9/mappings/remediation_advice/remediation_advice.json +1409 -0
  55. data/lib/data/1.9/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  56. data/lib/data/1.9/vrt.schema.json +63 -0
  57. data/lib/data/1.9/vulnerability-rating-taxonomy.json +2053 -0
  58. data/lib/generators/vrt/install_generator.rb +1 -1
  59. data/lib/vrt.rb +2 -0
  60. data/lib/vrt/cross_version_mapping.rb +3 -2
  61. data/lib/vrt/errors.rb +5 -0
  62. data/lib/vrt/map.rb +8 -5
  63. data/lib/vrt/mapping.rb +12 -1
  64. data/lib/vrt/version.rb +1 -1
  65. metadata +92 -32
data/lib/data/1.7/deprecated-node-mapping.json ADDED
@@ -0,0 +1,149 @@
1
+ {
2
+ "poor_physical_security": {
3
+ "1.1": "other"
4
+ },
5
+ "social_engineering": {
6
+ "1.1": "other"
7
+ },
8
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
9
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
10
+ },
11
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
12
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
13
+ },
14
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
15
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
16
+ },
17
+ "broken_authentication_and_session_management.session_token_in_url.over_https": {
18
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
19
+ },
20
+ "broken_authentication_and_session_management.session_token_in_url.over_http": {
21
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
22
+ },
23
+ "broken_authentication_and_session_management.session_token_in_url": {
24
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
25
+ },
26
+ "insecure_data_transport": {
27
+ "1.2": "mobile_security_misconfiguration"
28
+ },
29
+ "insecure_data_transport.ssl_certificate_pinning": {
30
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
31
+ },
32
+ "insecure_data_transport.ssl_certificate_pinning.absent": {
33
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
34
+ },
35
+ "insecure_data_transport.ssl_certificate_pinning.defeatable": {
36
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
37
+ },
38
+ "insecure_data_storage.credentials_stored_unencrypted": {
39
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
40
+ },
41
+ "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
42
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
43
+ },
44
+ "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
45
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
46
+ },
47
+ "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
48
+ "1.2": "insufficient_security_configurability.no_password_policy"
49
+ },
50
+ "missing_function_level_access_control": {
51
+ "1.3": "broken_access_control"
52
+ },
53
+ "missing_function_level_access_control.server_side_request_forgery_ssrf": {
54
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf"
55
+ },
56
+ "missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
57
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
58
+ },
59
+ "missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
60
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
61
+ },
62
+ "missing_function_level_access_control.username_enumeration": {
63
+ "1.3": "broken_access_control.username_enumeration"
64
+ },
65
+ "missing_function_level_access_control.username_enumeration.data_leak": {
66
+ "1.3": "broken_access_control.username_enumeration.data_leak"
67
+ },
68
+ "missing_function_level_access_control.exposed_sensitive_android_intent": {
69
+ "1.3": "broken_access_control.exposed_sensitive_android_intent"
70
+ },
71
+ "missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
72
+ "1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
73
+ },
74
+ "insecure_direct_object_references_idor": {
75
+ "1.3": "broken_access_control.idor"
76
+ },
77
+ "broken_authentication_and_session_management.weak_login_function.over_http": {
78
+ "1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
79
+ },
80
+ "cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
81
+ "1.4": "cross_site_scripting_xss.ie_only.ie11"
82
+ },
83
+ "cross_site_scripting_xss.ie_only.older_version_ie10": {
84
+ "1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
85
+ },
86
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
87
+ "1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
88
+ },
89
+ "network_security_misconfiguration.telnet_enabled.credentials_required": {
90
+ "1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
91
+ },
92
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
93
+ "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
94
+ },
95
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
96
+ "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
97
+ },
98
+ "cross_site_scripting_xss.stored.admin_to_anyone": {
99
+ "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
100
+ },
101
+ "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
102
+ "1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
103
+ },
104
+ "server_security_misconfiguration.captcha_bypass": {
105
+ "1.5": "server_security_misconfiguration.captcha"
106
+ },
107
+ "server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
108
+ "1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
109
+ },
110
+ "server_security_misconfiguration.captcha_bypass.brute_force": {
111
+ "1.5": "server_security_misconfiguration.captcha.brute_force"
112
+ },
113
+ "broken_access_control.server_side_request_forgery_ssrf.internal": {
114
+ "1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact"
115
+ },
116
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": {
117
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain"
118
+ },
119
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": {
120
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
121
+ },
122
+ "server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": {
123
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
124
+ },
125
+ "server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": {
126
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
127
+ },
128
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": {
129
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain"
130
+ },
131
+ "broken_access_control.username_enumeration.data_leak": {
132
+ "1.7": "broken_access_control.username_enumeration.non_brute_force"
133
+ },
134
+ "insufficient_security_configurability.weak_2fa_implementation": {
135
+ "1.7": "insufficient_security_configurability.weak_two_fa_implementation"
136
+ },
137
+ "sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": {
138
+ "1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party"
139
+ },
140
+ "sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": {
141
+ "1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party"
142
+ },
143
+ "cross_site_scripting_xss.ie_only.ie11": {
144
+ "1.7": "cross_site_scripting_xss.ie_only.ie_eleven"
145
+ },
146
+ "cross_site_scripting_xss.ie_only.older_version_ie11": {
147
+ "1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven"
148
+ }
149
+ }
data/lib/data/1.7/mappings/cvss_v3/cvss_v3.json ADDED
@@ -0,0 +1,861 @@
1
+ {
2
+ "metadata": {
3
+ "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "children": [
9
+ {
10
+ "id": "unsafe_cross_origin_resource_sharing",
11
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
12
+ },
13
+ {
14
+ "id": "path_traversal",
15
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
16
+ },
17
+ {
18
+ "id": "directory_listing_enabled",
19
+ "children": [
20
+ {
21
+ "id": "sensitive_data_exposure",
22
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
23
+ },
24
+ {
25
+ "id": "non_sensitive_data_exposure",
26
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ "id": "same_site_scripting",
32
+ "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"
33
+ },
34
+ {
35
+ "id": "ssl_attack_breach_poodle_etc",
36
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
37
+ },
38
+ {
39
+ "id": "using_default_credentials",
40
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
41
+ },
42
+ {
43
+ "id": "misconfigured_dns",
44
+ "children": [
45
+ {
46
+ "id": "basic_subdomain_takeover",
47
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
48
+ },
49
+ {
50
+ "id": "high_impact_subdomain_takeover",
51
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
52
+ },
53
+ {
54
+ "id": "zone_transfer",
55
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
56
+ },
57
+ {
58
+ "id": "missing_caa_record",
59
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
60
+ }
61
+ ]
62
+ },
63
+ {
64
+ "id": "mail_server_misconfiguration",
65
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
66
+ "children": [
67
+ {
68
+ "id": "no_spoofing_protection_on_email_domain",
69
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
70
+ },
71
+ {
72
+ "id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain",
73
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
74
+ }
75
+ ]
76
+ },
77
+ {
78
+ "id": "dbms_misconfiguration",
79
+ "children": [
80
+ {
81
+ "id": "excessively_privileged_user_dba",
82
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"
83
+ }
84
+ ]
85
+ },
86
+ {
87
+ "id": "lack_of_password_confirmation",
88
+ "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
89
+ "children": [
90
+ {
91
+ "id": "manage_two_fa",
92
+ "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"
93
+ }
94
+ ]
95
+ },
96
+ {
97
+ "id": "no_rate_limiting_on_form",
98
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
99
+ "children": [
100
+ {
101
+ "id": "login",
102
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
103
+ }
104
+ ]
105
+ },
106
+ {
107
+ "id": "unsafe_file_upload",
108
+ "children": [
109
+ {
110
+ "id": "no_antivirus",
111
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
112
+ },
113
+ {
114
+ "id": "no_size_limit",
115
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
116
+ },
117
+ {
118
+ "id": "file_extension_filter_bypass",
119
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
120
+ }
121
+ ]
122
+ },
123
+ {
124
+ "id": "cookie_scoped_to_parent_domain",
125
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
126
+ },
127
+ {
128
+ "id": "missing_secure_or_httponly_cookie_flag",
129
+ "children": [
130
+ {
131
+ "id": "session_token",
132
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
133
+ },
134
+ {
135
+ "id": "non_session_cookie",
136
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
137
+ }
138
+ ]
139
+ },
140
+ {
141
+ "id": "clickjacking",
142
+ "children": [
143
+ {
144
+ "id": "sensitive_action",
145
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
146
+ },
147
+ {
148
+ "id": "form_input",
149
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
150
+ },
151
+ {
152
+ "id": "non_sensitive_action",
153
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
154
+ }
155
+ ]
156
+ },
157
+ {
158
+ "id": "oauth_misconfiguration",
159
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
160
+ "children": [
161
+ {
162
+ "id": "account_takeover",
163
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
164
+ }
165
+ ]
166
+ },
167
+ {
168
+ "id": "captcha",
169
+ "children": [
170
+ {
171
+ "id": "implementation_vulnerability",
172
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
173
+ },
174
+ {
175
+ "id": "brute_force",
176
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
177
+ },
178
+ {
179
+ "id": "missing",
180
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
181
+ }
182
+ ]
183
+ },
184
+ {
185
+ "id": "exposed_admin_portal",
186
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
187
+ },
188
+ {
189
+ "id": "missing_dnssec",
190
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
191
+ },
192
+ {
193
+ "id": "fingerprinting_banner_disclosure",
194
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
195
+ },
196
+ {
197
+ "id": "username_enumeration",
198
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
199
+ },
200
+ {
201
+ "id": "potentially_unsafe_http_method_enabled",
202
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
203
+ },
204
+ {
205
+ "id": "insecure_ssl",
206
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
207
+ },
208
+ {
209
+ "id": "rfd",
210
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
211
+ },
212
+ {
213
+ "id": "lack_of_security_headers",
214
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
215
+ "children": [
216
+ {
217
+ "id": "cache_control_for_a_sensitive_page",
218
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
219
+ }
220
+ ]
221
+ },
222
+ {
223
+ "id": "waf_bypass",
224
+ "children": [
225
+ {
226
+ "id": "direct_server_access",
227
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
228
+ }
229
+ ]
230
+ },
231
+ {
232
+ "id": "bitsquatting",
233
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
234
+ }
235
+ ]
236
+ },
237
+ {
238
+ "id": "server_side_injection",
239
+ "children": [
240
+ {
241
+ "id": "file_inclusion",
242
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
243
+ },
244
+ {
245
+ "id": "parameter_pollution",
246
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
247
+ },
248
+ {
249
+ "id": "remote_code_execution_rce",
250
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
251
+ },
252
+ {
253
+ "id": "sql_injection",
254
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
255
+ },
256
+ {
257
+ "id": "xml_external_entity_injection_xxe",
258
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
259
+ },
260
+ {
261
+ "id": "http_response_manipulation",
262
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
263
+ },
264
+ {
265
+ "id": "content_spoofing",
266
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
267
+ "children": [
268
+ {
269
+ "id": "iframe_injection",
270
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
271
+ },
272
+ {
273
+ "id": "external_authentication_injection",
274
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
275
+ },
276
+ {
277
+ "id": "flash_based_external_authentication_injection",
278
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
279
+ },
280
+ {
281
+ "id": "email_html_injection",
282
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
283
+ }
284
+ ]
285
+ }
286
+ ]
287
+ },
288
+ {
289
+ "id": "broken_authentication_and_session_management",
290
+ "children": [
291
+ {
292
+ "id": "authentication_bypass",
293
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
294
+ },
295
+ {
296
+ "id": "two_fa_bypass",
297
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
298
+ },
299
+ {
300
+ "id": "privilege_escalation",
301
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
302
+ },
303
+ {
304
+ "id": "cleartext_transmission_of_session_token",
305
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
306
+ },
307
+ {
308
+ "id": "weak_login_function",
309
+ "children": [
310
+ {
311
+ "id": "not_operational",
312
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
313
+ },
314
+ {
315
+ "id": "other_plaintext_protocol_no_secure_alternative",
316
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
317
+ },
318
+ {
319
+ "id": "lan_only",
320
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
321
+ },
322
+ {
323
+ "id": "http_and_https_available",
324
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
325
+ },
326
+ {
327
+ "id": "https_not_available_or_http_by_default",
328
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
329
+ }
330
+ ]
331
+ },
332
+ {
333
+ "id": "session_fixation",
334
+ "children": [
335
+ {
336
+ "id": "remote_attack_vector",
337
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
338
+ },
339
+ {
340
+ "id": "local_attack_vector",
341
+ "cvss_v3": "AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
342
+ }
343
+ ]
344
+ },
345
+ {
346
+ "id": "failure_to_invalidate_session",
347
+ "children": [
348
+ {
349
+ "id": "on_logout",
350
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
351
+ },
352
+ {
353
+ "id": "on_logout_server_side_only",
354
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
355
+ },
356
+ {
357
+ "id": "on_password_change",
358
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
359
+ },
360
+ {
361
+ "id": "all_sessions",
362
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
363
+ },
364
+ {
365
+ "id": "on_email_change",
366
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
367
+ },
368
+ {
369
+ "id": "long_timeout",
370
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
371
+ }
372
+ ]
373
+ },
374
+ {
375
+ "id": "concurrent_logins",
376
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
377
+ },
378
+ {
379
+ "id": "weak_registration_implementation",
380
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
381
+ }
382
+ ]
383
+ },
384
+ {
385
+ "id": "sensitive_data_exposure",
386
+ "children": [
387
+ {
388
+ "id": "critically_sensitive_data",
389
+ "children": [
390
+ {
391
+ "id": "password_disclosure",
392
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
393
+ },
394
+ {
395
+ "id": "private_api_keys",
396
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
397
+ }
398
+ ]
399
+ },
400
+ {
401
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
402
+ "children": [
403
+ {
404
+ "id": "automatic_user_enumeration",
405
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
406
+ },
407
+ {
408
+ "id": "manual_user_enumeration",
409
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
410
+ }
411
+ ]
412
+ },
413
+ {
414
+ "id": "visible_detailed_error_page",
415
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
416
+ "children": [
417
+ {
418
+ "id": "detailed_server_configuration",
419
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
420
+ }
421
+ ]
422
+ },
423
+ {
424
+ "id": "disclosure_of_known_public_information",
425
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
426
+ },
427
+ {
428
+ "id": "token_leakage_via_referer",
429
+ "children": [
430
+ {
431
+ "id": "trusted_third_party",
432
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
433
+ },
434
+ {
435
+ "id": "untrusted_third_party",
436
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
437
+ },
438
+ {
439
+ "id": "over_http",
440
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
441
+ }
442
+ ]
443
+ },
444
+ {
445
+ "id": "sensitive_token_in_url",
446
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
447
+ },
448
+ {
449
+ "id": "non_sensitive_token_in_url",
450
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
451
+ },
452
+ {
453
+ "id": "weak_password_reset_implementation",
454
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
455
+ "children": [
456
+ {
457
+ "id": "token_leakage_via_host_header_poisoning",
458
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
459
+ }
460
+ ]
461
+ },
462
+ {
463
+ "id": "mixed_content",
464
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
465
+ },
466
+ {
467
+ "id": "sensitive_data_hardcoded",
468
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
469
+ },
470
+ {
471
+ "id": "internal_ip_disclosure",
472
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
473
+ },
474
+ {
475
+ "id": "xssi",
476
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
477
+ },
478
+ {
479
+ "id": "json_hijacking",
480
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
481
+ }
482
+ ]
483
+ },
484
+ {
485
+ "id": "cross_site_scripting_xss",
486
+ "children": [
487
+ {
488
+ "id": "stored",
489
+ "children": [
490
+ {
491
+ "id": "non_admin_to_anyone",
492
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
493
+ },
494
+ {
495
+ "id": "privileged_user_to_privilege_elevation",
496
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
497
+ },
498
+ {
499
+ "id": "privileged_user_to_no_privilege_elevation",
500
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
501
+ },
502
+ {
503
+ "id": "url_based",
504
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
505
+ },
506
+ {
507
+ "id": "self",
508
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
509
+ }
510
+ ]
511
+ },
512
+ {
513
+ "id": "reflected",
514
+ "children": [
515
+ {
516
+ "id": "non_self",
517
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
518
+ },
519
+ {
520
+ "id": "self",
521
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
522
+ }
523
+ ]
524
+ },
525
+ {
526
+ "id": "flash_based",
527
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
528
+ },
529
+ {
530
+ "id": "cookie_based",
531
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
532
+ },
533
+ {
534
+ "id": "ie_only",
535
+ "children": [
536
+ {
537
+ "id": "ie_eleven",
538
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
539
+ },
540
+ {
541
+ "id": "xss_filter_disabled",
542
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
543
+ },
544
+ {
545
+ "id": "older_version_ie_eleven",
546
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N"
547
+ }
548
+ ]
549
+ },
550
+ {
551
+ "id": "referer",
552
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
553
+ },
554
+ {
555
+ "id": "trace_method",
556
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
557
+ },
558
+ {
559
+ "id": "universal_uxss",
560
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
561
+ },
562
+ {
563
+ "id": "off_domain",
564
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
565
+ }
566
+ ]
567
+ },
568
+ {
569
+ "id": "broken_access_control",
570
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
571
+ "children": [
572
+ {
573
+ "id": "server_side_request_forgery_ssrf",
574
+ "children": [
575
+ {
576
+ "id": "internal_high_impact",
577
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
578
+ },
579
+ {
580
+ "id": "internal_scan_and_or_medium_impact",
581
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
582
+ },
583
+ {
584
+ "id": "external",
585
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
586
+ }
587
+ ]
588
+ },
589
+ {
590
+ "id": "username_enumeration",
591
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
592
+ }
593
+ ]
594
+ },
595
+ {
596
+ "id": "cross_site_request_forgery_csrf",
597
+ "children": [
598
+ {
599
+ "id": "application_wide",
600
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
601
+ },
602
+ {
603
+ "id": "action_specific",
604
+ "children": [
605
+ {
606
+ "id": "authenticated_action",
607
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
608
+ },
609
+ {
610
+ "id": "unauthenticated_action",
611
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
612
+ },
613
+ {
614
+ "id": "logout",
615
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
616
+ }
617
+ ]
618
+ },
619
+ {
620
+ "id": "csrf_token_not_unique_per_request",
621
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
622
+ }
623
+ ]
624
+ },
625
+ {
626
+ "id": "application_level_denial_of_service_dos",
627
+ "children": [
628
+ {
629
+ "id": "critical_impact_and_or_easy_difficulty",
630
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
631
+ },
632
+ {
633
+ "id": "high_impact_and_or_medium_difficulty",
634
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
635
+ },
636
+ {
637
+ "id": "app_crash",
638
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
639
+ }
640
+ ]
641
+ },
642
+ {
643
+ "id": "unvalidated_redirects_and_forwards",
644
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
645
+ "children": [
646
+ {
647
+ "id": "open_redirect",
648
+ "children": [
649
+ {
650
+ "id": "get_based",
651
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
652
+ }
653
+ ]
654
+ }
655
+ ]
656
+ },
657
+ {
658
+ "id": "external_behavior",
659
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
660
+ },
661
+ {
662
+ "id": "insufficient_security_configurability",
663
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
664
+ "children": [
665
+ {
666
+ "id": "no_password_policy",
667
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
668
+ },
669
+ {
670
+ "id": "weak_password_reset_implementation",
671
+ "children": [
672
+ {
673
+ "id": "token_is_not_invalidated_after_use",
674
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
675
+ }
676
+ ]
677
+ },
678
+ {
679
+ "id": "weak_two_fa_implementation",
680
+ "children": [
681
+ {
682
+ "id": "two_fa_secret_cannot_be_rotated",
683
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
684
+ },
685
+ {
686
+ "id": "two_fa_secret_remains_obtainable_after_two_fa_is_enabled",
687
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
688
+ }
689
+ ]
690
+ }
691
+ ]
692
+ },
693
+ {
694
+ "id": "using_components_with_known_vulnerabilities",
695
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
696
+ "children": [
697
+ {
698
+ "id": "rosetta_flash",
699
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
700
+ }
701
+ ]
702
+ },
703
+ {
704
+ "id": "insecure_data_storage",
705
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
706
+ "children": [
707
+ {
708
+ "id": "sensitive_application_data_stored_unencrypted",
709
+ "children": [
710
+ {
711
+ "id": "on_external_storage",
712
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
713
+ }
714
+ ]
715
+ },
716
+ {
717
+ "id": "server_side_credentials_storage",
718
+ "children": [
719
+ {
720
+ "id": "plaintext",
721
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N"
722
+ }
723
+ ]
724
+ }
725
+ ]
726
+ },
727
+ {
728
+ "id": "lack_of_binary_hardening",
729
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
730
+ },
731
+ {
732
+ "id": "insecure_data_transport",
733
+ "children": [
734
+ {
735
+ "id": "cleartext_transmission_of_sensitive_data",
736
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
737
+ },
738
+ {
739
+ "id": "executable_download",
740
+ "children": [
741
+ {
742
+ "id": "no_secure_integrity_check",
743
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
744
+ },
745
+ {
746
+ "id": "secure_integrity_check",
747
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
748
+ }
749
+ ]
750
+ }
751
+ ]
752
+ },
753
+ {
754
+ "id": "insecure_os_firmware",
755
+ "children": [
756
+ {
757
+ "id": "command_injection",
758
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
759
+ },
760
+ {
761
+ "id": "hardcoded_password",
762
+ "children": [
763
+ {
764
+ "id": "privileged_user",
765
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
766
+ },
767
+ {
768
+ "id": "non_privileged_user",
769
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
770
+ }
771
+ ]
772
+ }
773
+ ]
774
+ },
775
+ {
776
+ "id": "broken_cryptography",
777
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
778
+ },
779
+ {
780
+ "id": "privacy_concerns",
781
+ "children": [
782
+ {
783
+ "id": "unnecessary_data_collection",
784
+ "children": [
785
+ {
786
+ "id": "wifi_ssid_password",
787
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
788
+ }
789
+ ]
790
+ }
791
+ ]
792
+ },
793
+ {
794
+ "id": "network_security_misconfiguration",
795
+ "children": [
796
+ {
797
+ "id": "telnet_enabled",
798
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
799
+ }
800
+ ]
801
+ },
802
+ {
803
+ "id": "mobile_security_misconfiguration",
804
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
805
+ "children": [
806
+ {
807
+ "id": "clipboard_enabled",
808
+ "children": [
809
+ {
810
+ "id": "on_sensitive_content",
811
+ "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"
812
+ },
813
+ {
814
+ "id": "on_non_sensitive_content",
815
+ "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
816
+ }
817
+ ]
818
+ }
819
+ ]
820
+ },
821
+ {
822
+ "id": "client_side_injection",
823
+ "children": [
824
+ {
825
+ "id": "binary_planting",
826
+ "children": [
827
+ {
828
+ "id": "privilege_escalation",
829
+ "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
830
+ },
831
+ {
832
+ "id": "non_default_folder_privilege_escalation",
833
+ "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
834
+ },
835
+ {
836
+ "id": "no_privilege_escalation",
837
+ "cvss_v3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
838
+ }
839
+ ]
840
+ }
841
+ ]
842
+ },
843
+ {
844
+ "id": "automotive_security_misconfiguration",
845
+ "children": [
846
+ {
847
+ "id": "infotainment",
848
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
849
+ },
850
+ {
851
+ "id": "rf_hub",
852
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
853
+ },
854
+ {
855
+ "id": "can",
856
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
857
+ }
858
+ ]
859
+ }
860
+ ]
861
+ }