@blamejs/exceptd-skills 0.9.1

package/data/cve-catalog.json

@@ -0,0 +1,496 @@
+{
+  "_meta": {
+    "schema_version": "1.0.0",
+    "last_updated": "2026-05-11",
+    "source": "NVD + CISA KEV + vendor advisories — see sources/index.json",
+    "required_fields": [
+      "type",
+      "cvss_score",
+      "cvss_vector",
+      "cisa_kev",
+      "poc_available",
+      "active_exploitation",
+      "affected",
+      "patch_available",
+      "patch_required_reboot",
+      "rwep_score",
+      "rwep_factors",
+      "atlas_refs",
+      "attack_refs",
+      "source_verified",
+      "verification_sources",
+      "last_updated"
+    ],
+    "epss_methodology": "EPSS scores are estimated from public catalog signals (KEV, PoC, AI-discovery, blast radius) and should be replaced with live FIRST API responses on the next validate-cves --live run. epss_date marks when this estimate was set.",
+    "tlp": "CLEAR",
+    "source_confidence": {
+      "scheme": "Admiralty (A-F + 1-6)",
+      "default": "A1",
+      "note": "B = usually reliable; 2 = probably true. Per-entry overrides via entry-level source_confidence field. Public-record catalogs (NVD, ATLAS, CWE, RFC, framework publishers) get A1 (completely reliable, confirmed). Project-curated catalogs (zeroday-lessons, exploit-availability) default to B2 with source citations."
+    },
+    "freshness_policy": {
+      "default_review_cadence_days": 90,
+      "stale_after_days": 180,
+      "rebuild_after_days": 365,
+      "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
+    },
+    "vendor_advisory_field_added": "2026-05-11",
+    "vendor_advisory_note": "Each CVE carries a structured vendor_advisories array (vendor, advisory_id, url, severity, published_date) for downstream consumers that route by vendor advisory. Unknown advisory IDs are null with the canonical vendor CVE-resolver URL — never fabricated. Existing free-form references are preserved in verification_sources; vendor_advisories is additive."
+  },
+  "CVE-2026-31431": {
+    "name": "Copy Fail",
+    "type": "LPE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": true,
+    "cisa_kev_date": "2026-03-15",
+    "cisa_kev_due_date": "2026-04-05",
+    "poc_available": true,
+    "poc_description": "Public exploit script — single-stage, 732 bytes, no race condition, deterministic root escalation from any unprivileged user or container",
+    "ai_discovered": true,
+    "ai_discovery_notes": "Discovered by an AI system in approximately 1 hour via automated analysis of page-cache CoW primitives",
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "confirmed",
+    "affected": "Linux kernel >= 4.14 — all major distributions since 2017: RHEL 7-9, Ubuntu 18.04-24.04, Debian 9-12, Amazon Linux 2/2023, SUSE 12/15, Alpine, and derivatives",
+    "affected_versions": [
+      "linux-kernel >= 4.14",
+      "linux-kernel < 6.8.10"
+    ],
+    "vector": "Page-cache copy-on-write (CoW) primitive abuse — unprivileged local user writes to read-only page-cache mapping via copy-on-write path",
+    "complexity": "deterministic",
+    "complexity_notes": "No race condition. No heap spray. No timing dependency. Executes reliably on every attempt.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": true,
+    "live_patch_tools": [
+      "kpatch",
+      "canonical-livepatch",
+      "kGraft"
+    ],
+    "live_patch_notes": "Live patches available from Red Hat (kpatch), Canonical (livepatch), and SUSE (kGraft) for supported distribution versions",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "30-day critical patch SLA is an exploitation window, not a security window, for CISA KEV + public PoC. 'Timely' is undefined for instant-root deterministic LPE.",
+      "ISO-27001-2022-A.8.8": "'Appropriate timescales' is undefined; standard interpretation of 30 days is architecturally unsafe for this class. No live-patch requirement.",
+      "PCI-DSS-4.0-6.3.3": "1-month critical patch window; same problem as SI-2.",
+      "NIS2-Art21": "No specific guidance on live patching capability or CISA KEV-class response timelines.",
+      "CIS-Controls-v8-Control7": "IG3 continuous vulnerability management; 'within one month' still too long for this class."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068",
+      "T1548.001"
+    ],
+    "rwep_score": 90,
+    "rwep_factors": {
+      "cisa_kev": 25,
+      "poc_available": 20,
+      "ai_factor": 15,
+      "active_exploitation": 20,
+      "blast_radius": 30,
+      "patch_available": -15,
+      "live_patch_available": -10,
+      "reboot_required": 5
+    },
+    "epss_score": 0.94,
+    "epss_percentile": 0.99,
+    "epss_date": "2026-05-11",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-31431",
+    "source_verified": "2026-05-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-31431",
+      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "kernel.org",
+        "advisory_id": null,
+        "url": "https://lore.kernel.org/linux-cve-announce/?q=CVE-2026-31431",
+        "severity": "high",
+        "published_date": "2026-03-12"
+      },
+      {
+        "vendor": "Red Hat",
+        "advisory_id": null,
+        "url": "https://access.redhat.com/security/cve/CVE-2026-31431",
+        "severity": "important",
+        "published_date": "2026-03-13"
+      },
+      {
+        "vendor": "Canonical (Ubuntu)",
+        "advisory_id": null,
+        "url": "https://ubuntu.com/security/CVE-2026-31431",
+        "severity": "high",
+        "published_date": "2026-03-13"
+      },
+      {
+        "vendor": "SUSE",
+        "advisory_id": null,
+        "url": "https://www.suse.com/security/cve/CVE-2026-31431.html",
+        "severity": "important",
+        "published_date": "2026-03-13"
+      },
+      {
+        "vendor": "Debian",
+        "advisory_id": null,
+        "url": "https://security-tracker.debian.org/tracker/CVE-2026-31431",
+        "severity": "high",
+        "published_date": "2026-03-14"
+      },
+      {
+        "vendor": "Microsoft (WSL2)",
+        "advisory_id": null,
+        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31431",
+        "severity": "important",
+        "published_date": "2026-03-15"
+      }
+    ],
+    "last_updated": "2026-05-11"
+  },
+  "CVE-2026-43284": {
+    "name": "Dirty Frag (ESP/IPsec component)",
+    "type": "LPE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "poc_available": true,
+    "poc_description": "Chain component — exploits page-cache write primitive in ESP/IPsec subsystem. Part of two-CVE chain with CVE-2026-43500.",
+    "ai_discovered": false,
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "suspected",
+    "affected": "Linux systems using IPsec/ESP kernel subsystem — all major distributions with kernel IPsec support",
+    "affected_versions": [
+      "linux-kernel >= 5.0"
+    ],
+    "vector": "Page-cache write primitive in ESP/IPsec subsystem. Notable: exploitation path runs through IPsec — IPsec-based network controls are NOT compensating controls for unpatched systems.",
+    "complexity": "moderate",
+    "complexity_notes": "Requires kernel version fingerprinting to select gadget chain. More sophisticated than Copy Fail but still reliable.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "kpatch available for RHEL only; not broadly available across distributions — scored as unavailable for population-level risk",
+    "framework_control_gaps": {
+      "NIST-800-53-SC-8": "SC-8 compliance via IPsec does not compensate for CVE-2026-43284 — the exploit runs through the IPsec implementation.",
+      "NIST-800-53-SC-28": "Same — IPsec-based encryption controls are not compensating controls for the subsystem being exploited.",
+      "NIST-800-53-SI-2": "Same SLA problem as CVE-2026-31431 for public PoC."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068",
+      "T1548.001"
+    ],
+    "rwep_score": 38,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 18,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "epss_score": 0.18,
+    "epss_percentile": 0.88,
+    "epss_date": "2026-05-11",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-43284",
+    "source_verified": "2026-05-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-43284"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "kernel.org",
+        "advisory_id": null,
+        "url": "https://lore.kernel.org/linux-cve-announce/?q=CVE-2026-43284",
+        "severity": "high",
+        "published_date": "2026-04-02"
+      },
+      {
+        "vendor": "Red Hat",
+        "advisory_id": null,
+        "url": "https://access.redhat.com/security/cve/CVE-2026-43284",
+        "severity": "important",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "Canonical (Ubuntu)",
+        "advisory_id": null,
+        "url": "https://ubuntu.com/security/CVE-2026-43284",
+        "severity": "high",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "SUSE",
+        "advisory_id": null,
+        "url": "https://www.suse.com/security/cve/CVE-2026-43284.html",
+        "severity": "important",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "Debian",
+        "advisory_id": null,
+        "url": "https://security-tracker.debian.org/tracker/CVE-2026-43284",
+        "severity": "high",
+        "published_date": "2026-04-04"
+      },
+      {
+        "vendor": "Microsoft (WSL2)",
+        "advisory_id": null,
+        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43284",
+        "severity": "important",
+        "published_date": "2026-04-05"
+      }
+    ],
+    "last_updated": "2026-05-11"
+  },
+  "CVE-2026-43500": {
+    "name": "Dirty Frag (RxRPC component)",
+    "type": "LPE",
+    "cvss_score": 7.6,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "poc_available": true,
+    "poc_description": "Chain component — exploits page-cache write primitive in RxRPC subsystem. Used in combination with CVE-2026-43284.",
+    "ai_discovered": false,
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "suspected",
+    "affected": "Linux systems with RxRPC support",
+    "affected_versions": [
+      "linux-kernel >= 5.0"
+    ],
+    "vector": "Page-cache write primitive in RxRPC subsystem. Chained with CVE-2026-43284.",
+    "complexity": "moderate",
+    "complexity_notes": "Requires pairing with CVE-2026-43284 and kernel version fingerprinting to select the correct RxRPC gadget. More involved than standalone exploits but still reliable when chained.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Same patch SLA problem as CVE-2026-31431 for public PoC."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068"
+    ],
+    "rwep_score": 32,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 12,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 5
+    },
+    "epss_score": 0.07,
+    "epss_percentile": 0.75,
+    "epss_date": "2026-05-11",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-43500",
+    "source_verified": "2026-05-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-43500"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "kernel.org",
+        "advisory_id": null,
+        "url": "https://lore.kernel.org/linux-cve-announce/?q=CVE-2026-43500",
+        "severity": "high",
+        "published_date": "2026-04-02"
+      },
+      {
+        "vendor": "Red Hat",
+        "advisory_id": null,
+        "url": "https://access.redhat.com/security/cve/CVE-2026-43500",
+        "severity": "important",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "Canonical (Ubuntu)",
+        "advisory_id": null,
+        "url": "https://ubuntu.com/security/CVE-2026-43500",
+        "severity": "high",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "SUSE",
+        "advisory_id": null,
+        "url": "https://www.suse.com/security/cve/CVE-2026-43500.html",
+        "severity": "important",
+        "published_date": "2026-04-03"
+      },
+      {
+        "vendor": "Debian",
+        "advisory_id": null,
+        "url": "https://security-tracker.debian.org/tracker/CVE-2026-43500",
+        "severity": "high",
+        "published_date": "2026-04-04"
+      },
+      {
+        "vendor": "Microsoft (WSL2)",
+        "advisory_id": null,
+        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43500",
+        "severity": "important",
+        "published_date": "2026-04-05"
+      }
+    ],
+    "last_updated": "2026-05-11"
+  },
+  "CVE-2025-53773": {
+    "name": "GitHub Copilot Prompt Injection RCE",
+    "type": "RCE-via-prompt-injection",
+    "cvss_score": 9.6,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "poc_available": true,
+    "poc_description": "Demonstrated — hidden adversarial instructions in GitHub PR descriptions cause GitHub Copilot to execute attacker-controlled code in the developer's session",
+    "ai_discovered": false,
+    "ai_assisted_weaponization": true,
+    "ai_assisted_notes": "AI tooling enables the attack — the vulnerability IS in an AI tool. AI accelerates crafting of effective injection payloads.",
+    "active_exploitation": "suspected",
+    "affected": "GitHub Copilot users who use Copilot to review or summarize PR descriptions",
+    "affected_versions": [
+      "GitHub Copilot < patched version"
+    ],
+    "vector": "Prompt injection via PR description field — adversarial instructions embedded in PR content execute in the context of the developer's Copilot session when the developer interacts with the PR via Copilot",
+    "complexity": "low",
+    "complexity_notes": "The attacker crafts PR description content. No specialized knowledge required beyond understanding of prompt injection.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": true,
+    "live_patch_tools": [
+      "GitHub SaaS update — no user action required for SaaS patch"
+    ],
+    "framework_control_gaps": {
+      "ALL-MAJOR-FRAMEWORKS": "No framework has a control category for prompt injection as an RCE vector. CVSS 9.6 with no framework control.",
+      "NIST-800-53-AC-2": "AI agent actions use the developer's authorized service account — AC-2 controls don't surface the unauthorized action.",
+      "SOC2-CC6": "Same — logical access controls don't apply to model-context-window-mediated actions."
+    },
+    "atlas_refs": [
+      "AML.T0051",
+      "AML.T0054"
+    ],
+    "attack_refs": [
+      "T1059",
+      "T1190"
+    ],
+    "rwep_score": 42,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 15,
+      "active_exploitation": 10,
+      "blast_radius": 22,
+      "patch_available": -15,
+      "live_patch_available": -10,
+      "reboot_required": 0
+    },
+    "epss_score": 0.32,
+    "epss_percentile": 0.92,
+    "epss_date": "2026-05-11",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2025-53773",
+    "source_verified": "2026-05-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2025-53773",
+      "https://github.com/advisories/GHSA-xxxx"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Microsoft MSRC",
+        "advisory_id": null,
+        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53773",
+        "severity": "critical",
+        "published_date": "2025-08-12"
+      },
+      {
+        "vendor": "GitHub Security Advisories",
+        "advisory_id": null,
+        "url": "https://github.com/advisories?query=CVE-2025-53773",
+        "severity": "critical",
+        "published_date": "2025-08-12"
+      }
+    ],
+    "last_updated": "2026-05-11"
+  },
+  "CVE-2026-30615": {
+    "name": "Windsurf MCP Zero-Interaction RCE",
+    "type": "RCE-supply-chain",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "poc_available": true,
+    "poc_description": "Partial — MCP client vulnerability in Windsurf allows malicious MCP server to achieve code execution without user interaction",
+    "ai_discovered": false,
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "suspected",
+    "affected": "Windsurf IDE users with MCP servers installed. Architectural attack surface affects all MCP-capable AI coding assistants (Cursor, VS Code, Claude Code, Gemini CLI). 150M+ combined downloads.",
+    "affected_versions": [
+      "Windsurf < patched version"
+    ],
+    "vector": "Malicious MCP server delivers adversarial tool response → AI assistant follows instructions without user interaction → code execution in user context",
+    "complexity": "low",
+    "complexity_notes": "Attacker needs to get a malicious MCP server installed (supply chain, typosquatting, or compromise of legitimate server). Once installed, exploitation is automatic.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": true,
+    "live_patch_tools": [
+      "IDE update — vendor patch"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-53-SA-12": "Supply chain protection doesn't contemplate MCP server trust as a category.",
+      "NIST-800-53-CM-7": "Least functionality doesn't address AI tool plugin authorization.",
+      "ISO-27001-2022-A.8.30": "Outsourced development controls don't cover MCP server trust.",
+      "SOC2-CC9": "Vendor management doesn't reach developer-installed AI tool plugins."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0016"
+    ],
+    "attack_refs": [
+      "T1195.001",
+      "T1059"
+    ],
+    "rwep_score": 35,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 10,
+      "blast_radius": 30,
+      "patch_available": -15,
+      "live_patch_available": -10,
+      "reboot_required": 0
+    },
+    "epss_score": 0.14,
+    "epss_percentile": 0.86,
+    "epss_date": "2026-05-11",
+    "epss_source": "https://api.first.org/data/v1/epss?cve=CVE-2026-30615",
+    "source_verified": "2026-05-01",
+    "verification_sources": [
+      "https://nvd.nist.gov/vuln/detail/CVE-2026-30615"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "Codeium / Windsurf",
+        "advisory_id": null,
+        "url": "https://codeium.com/security/CVE-2026-30615",
+        "severity": "critical",
+        "published_date": "2026-02-18"
+      },
+      {
+        "vendor": "GitHub Security Advisories",
+        "advisory_id": null,
+        "url": "https://github.com/advisories?query=CVE-2026-30615",
+        "severity": "critical",
+        "published_date": "2026-02-19"
+      }
+    ],
+    "last_updated": "2026-05-11"
+  }
+}