regscale-cli 6.16.1.0__py3-none-any.whl → 6.16.3.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_common.py

@@ -1878,11 +1878,11 @@ def check_control_list_length(ssp_obj: SSP, mapping: dict) -> Optional[list]:
         return missing_controls
 
 
-def log_controls_info(ssp_obj: dict, current_imps: List[dict]) -> None:
+def log_controls_info(ssp_obj: SSP, current_imps: List[dict]) -> None:
     """
     Log controls info
 
-    :param dict ssp_obj: SSP object
+    :param SSP ssp_obj: SSP object
     :param List[dict] current_imps: List of current implementations
     :return None:
     :rtype None:
@@ -2305,8 +2305,8 @@ def fetch_existing_stakeholders(api: Api, config: dict, regscale_ssp: dict) -> l
     if response.ok:
         logger.info(
             f"Found {len(response.json())} existing stakeholders",
-            record_type="stackholders",
-            model_layer="stackholders",
+            record_type="stakeholders",
+            model_layer="stakeholders",
         )
         return response.json()
     return []

regscale/integrations/public/fedramp/inventory_items.py

@@ -59,7 +59,7 @@ def get_dict_value(outer_key: str, inner_key: str, source_dict: Dict) -> Optiona
     outer_dict = source_dict.get(outer_key, None)
     if outer_dict is not None and isinstance(outer_dict, dict):
         val = outer_dict.get(inner_key, None)
-        logger.info(f"{val}")
+        logger.debug(f"{val=}")
         return val
     return None
 
@@ -205,8 +205,8 @@ def parse_inventory_items(trv: FedrampTraversal, components_dict: Dict):
 
                 for imp_component in implemented_components:
                     if not isinstance(components_dict, dict):
-                        logger.info(components_dict)
-                        logger.info("components do not exist yet")
+                        logger.debug(components_dict)
+                        logger.info("Components do not exist yet.")
                         continue
                     comp = components_dict.get(imp_component.get("component_uuid"))
                     comp_id = comp.get("id") if comp else None

regscale/integrations/scanner_integration.py

@@ -9,12 +9,12 @@ import enum
 import hashlib
 import json
 import logging
-import re
 import threading
 import time
 from abc import ABC, abstractmethod
 from collections import defaultdict
-from typing import Any, Dict, Generic, Iterator, List, Optional, Set, TypeVar, Union
+from concurrent.futures import ThreadPoolExecutor
+from typing import Any, Dict, Generic, Iterator, List, Optional, Set, TypeVar, Union, Callable
 
 from rich.progress import Progress, TaskID
 
@@ -269,6 +269,10 @@ class IntegrationAsset:
     other_cloud_identifier: Optional[str] = None
     patch_level: Optional[str] = None
     cpe: Optional[str] = None
+    is_latest_scan: Optional[bool] = None
+    is_authenticated_scan: Optional[bool] = None
+    system_administrator_id: Optional[str] = None
+    scanning_tool: Optional[str] = None
 
     source_data: Optional[Dict[str, Any]] = None
     url: Optional[str] = None
@@ -345,6 +349,15 @@ class IntegrationFinding:
     :param Optional[str] remediation: The remediation of the finding, defaults to None.
     :param Optional[str] source_rule_id: The source rule ID of the finding, defaults to None.
     :param Optional[str] poam_id: The POAM ID of the finding, defaults to None.
+    :param Optional[str] cvss_v3_vector: The CVSS v3 vector of the finding, defaults to None.
+    :param Optional[str] cvss_v2_vector: The CVSS v2 vector of the finding, defaults to None.
+    :param Optional[str] affected_os: The affected OS of the finding, defaults to None.
+    :param Optional[str] image_digest: The image digest of the finding, defaults to None.
+    :param Optional[str] affected_packages: The affected packages of the finding, defaults to None.
+    :param Optional[str] installed_versions: The installed versions of the finding, defaults to None.
+    :param Optional[str] fixed_versions: The fixed versions of the finding, defaults to None.
+    :param Optional[str] fix_status: The fix status of the finding, defaults to None.
+    :param Optional[str] build_version: The build version of the finding, defaults to None.
     """
 
     control_labels: List[str]
@@ -364,9 +377,20 @@ class IntegrationFinding:
     cvss_v2_score: Optional[float] = None
     ip_address: Optional[str] = None
     plugin_id: Optional[str] = None
+    plugin_text: Optional[str] = None
     dns: Optional[str] = None
     severity_int: int = 0
     security_check: Optional[str] = None
+    cvss_v3_vector: Optional[str] = None
+    cvss_v2_vector: Optional[str] = None
+    affected_os: Optional[str] = None
+    package_path: Optional[str] = None
+    image_digest: Optional[str] = None
+    affected_packages: Optional[str] = None
+    installed_versions: Optional[str] = None
+    fixed_versions: Optional[str] = None
+    fix_status: Optional[str] = None
+    build_version: Optional[str] = None
 
     # Issues
     issue_title: str = ""
@@ -391,6 +415,7 @@ class IntegrationFinding:
     risk_adjustment: str = "No"
     operational_requirements: Optional[str] = None
     deviation_rationale: Optional[str] = None
+    is_cwe: bool = False
 
     poam_comments: Optional[str] = None
     vulnerability_id: Optional[int] = None
@@ -1048,6 +1073,10 @@ class ScannerIntegration(ABC):
             softwareVersion=asset.software_version,
             softwareName=asset.software_name,
             softwareVendor=asset.software_vendor,
+            bLatestScan=asset.is_latest_scan,
+            bAuthenticatedScan=asset.is_authenticated_scan,
+            systemAdministratorId=asset.system_administrator_id,
+            scanningTool=asset.scanning_tool,
         )
         if self.asset_identifier_field:
             setattr(new_asset, self.asset_identifier_field, asset.identifier)
@@ -1211,34 +1240,126 @@ class ScannerIntegration(ABC):
 
     def _process_assets(self, assets: Iterator[IntegrationAsset], loading_assets: TaskID) -> int:
         """
-        Processes the assets using single or multi-threaded approach based on THREAD_MAX_WORKERS.
+        Process assets using single or multi-threaded approach based on THREAD_MAX_WORKERS.
 
-        :param Iterator[IntegrationAsset] assets: The assets to process
-        :param TaskID loading_assets: The task ID for the progress bar
-        :return: The number of assets processed
+        :param Iterator[IntegrationAsset] assets: Assets to process
+        :param TaskID loading_assets: Task ID for the progress bar
+        :return: Number of assets processed
         :rtype: int
         """
-        assets_processed = 0
-        # prime cache
+        self._prime_asset_cache()
+        process_func = self._create_process_function(loading_assets)
+        max_workers = get_thread_workers_max()
+
+        if max_workers == 1:
+            return self._process_single_threaded(assets, process_func)
+        return self._process_multi_threaded(assets, process_func, max_workers)
+
+    def _prime_asset_cache(self) -> None:
+        """
+        Prime the asset cache by fetching assets for the given plan.
+
+        :rtype: None
+        """
         regscale_models.Asset.get_all_by_parent(
             parent_id=self.plan_id, parent_module=regscale_models.SecurityPlan.get_module_string()
         )
 
-        process_func = lambda my_asset: self._process_single_asset(my_asset, loading_assets)  # noqa: E731
+    def _create_process_function(self, loading_assets: TaskID) -> Callable[[IntegrationAsset], bool]:
+        """
+        Create a function to process a single asset.
+
+        :param TaskID loading_assets: Task ID for the progress bar
+        :return: Function that processes an asset and returns success status
+        :rtype: Callable[[IntegrationAsset], bool]
+        """
+        return lambda asset: self._process_single_asset(asset, loading_assets)
+
+    def _process_single_threaded(
+        self, assets: Iterator[IntegrationAsset], process_func: Callable[[IntegrationAsset], bool]
+    ) -> int:
+        """
+        Process assets sequentially in a single thread.
+
+        :param Iterator[IntegrationAsset] assets: Assets to process
+        :param Callable[[IntegrationAsset], bool] process_func: Function to process each asset
+        :return: Number of assets processed
+        :rtype: int
+        """
+        assets_processed = 0
+        for asset in assets:
+            if process_func(asset):
+                assets_processed = self._update_processed_count(assets_processed)
+        return assets_processed
+
+    def _process_multi_threaded(
+        self, assets: Iterator[IntegrationAsset], process_func: Callable[[IntegrationAsset], bool], max_workers: int
+    ) -> int:
+        """
+        Process assets in batches using multiple threads.
+
+        :param Iterator[IntegrationAsset] assets: Assets to process
+        :param Callable[[IntegrationAsset], bool] process_func: Function to process each asset
+        :param int max_workers: Maximum number of worker threads
+        :return: Number of assets processed
+        :rtype: int
+        """
+        batch_size = max_workers * 2
+        assets_processed = 0
+
+        with ThreadPoolExecutor(max_workers=max_workers) as executor:
+            batch = []
+            futures = []
 
-        if get_thread_workers_max() == 1:
             for asset in assets:
-                if process_func(asset):
-                    assets_processed = self._update_processed_count(assets_processed)
-        else:
-            with concurrent.futures.ThreadPoolExecutor(max_workers=get_thread_workers_max()) as executor:
-                future_to_asset = {executor.submit(process_func, asset): asset for asset in assets}
-                for future in concurrent.futures.as_completed(future_to_asset):
-                    if future.result():
-                        assets_processed = self._update_processed_count(assets_processed)
+                batch.append(asset)
+                if len(batch) >= batch_size:
+                    assets_processed += self._submit_and_process_batch(executor, process_func, batch, futures)
+                    batch = []
+                    futures = []
+
+            if batch:  # Process any remaining items
+                assets_processed += self._submit_and_process_batch(executor, process_func, batch, futures)
+
+        return assets_processed
+
+    def _submit_and_process_batch(
+        self,
+        executor: ThreadPoolExecutor,
+        process_func: Callable[[IntegrationAsset], bool],
+        batch: List[IntegrationAsset],
+        futures: List,
+    ) -> int:
+        """
+        Submit a batch of assets for processing and count successful completions.
+
+        :param ThreadPoolExecutor executor: Thread pool executor for parallel processing
+        :param Callable[[IntegrationAsset], bool] process_func: Function to process each asset
+        :param List[IntegrationAsset] batch: Batch of assets to process
+        :param List futures: List to store future objects
+        :return: Number of assets processed in this batch
+        :rtype: int
+        """
+        assets_processed = 0
+        for asset in batch:
+            futures.append(executor.submit(process_func, asset))
+
+        for future in concurrent.futures.as_completed(futures):
+            if future.result():
+                assets_processed = self._update_processed_count(assets_processed)
 
         return assets_processed
 
+    def _update_processed_count(self, current_count: int) -> int:
+        """
+        Increment the processed count.
+
+        :param int current_count: Current number of processed items
+        :return: Updated count
+        :rtype: int
+        """
+        return current_count + 1
+
     def _process_single_asset(self, asset: IntegrationAsset, loading_assets: TaskID) -> bool:
         """
         Processes a single asset and handles any exceptions.
@@ -1430,7 +1551,7 @@ class ScannerIntegration(ABC):
         issue.issueOwnerId = self.assessor_id
         issue.securityPlanId = self.plan_id
         issue.identification = "Vulnerability Assessment"
-        issue.dateFirstDetected = finding.date_created
+        issue.dateFirstDetected = finding.first_seen
         issue.dueDate = finding.due_date
         issue.description = description
         issue.sourceReport = finding.source_report or self.title
@@ -1476,15 +1597,34 @@ class ScannerIntegration(ABC):
                 bulk_update=True, defaults={"otherIdentifier": self._get_other_identifier(finding, is_poam)}
             )
 
+        self._handle_property_creation_for_issue(issue, finding)
+        return issue
+
+    def _handle_property_creation_for_issue(self, issue: regscale_models.Issue, finding: IntegrationFinding) -> None:
+        """
+        Handles property creation for an issue based on the finding data
+
+        :param regscale_models.Issue issue: The issue to handle properties for
+        :param IntegrationFinding finding: The finding data
+        :rtype: None
+        """
         if poc := finding.point_of_contact:
-            _ = regscale_models.Property(
+            regscale_models.Property(
                 key="POC",
                 value=poc,
                 parentId=issue.id,
                 parentModule="issues",
-            ).create_or_update(bulk_create=True, bulk_update=True)
+            ).create_or_update()
+            logger.debug("Added POC property %s to issue %s", poc, issue.id)
 
-        return issue
+        if finding.is_cwe:
+            regscale_models.Property(
+                key="CWE",
+                value=finding.plugin_id,
+                parentId=issue.id,
+                parentModule="issues",
+            ).create_or_update()
+            logger.debug("Added CWE property %s to issue %s", finding.plugin_id, issue.id)
 
     @staticmethod
     def get_consolidated_asset_identifier(
@@ -1608,15 +1748,16 @@ class ScannerIntegration(ABC):
         :param IntegrationFinding finding: The finding data that has failed
         :rtype: None
         """
-        logger.debug("Creating issue for failing finding %s", finding.external_id)
-        found_issue = self.create_or_update_issue_from_finding(
-            title=issue_title,
-            finding=finding,
-        )
-        # Update the control implementation status to NOT_IMPLEMENTED since we have a failing finding
-        if found_issue.controlImplementationIds:
-            for control_id in found_issue.controlImplementationIds:
-                self.update_control_implementation_status_after_close(control_id)
+        if ScannerVariables.vulnerabilityCreation.lower() != "noissue":
+            logger.debug("Creating issue for failing finding %s", finding.external_id)
+            found_issue = self.create_or_update_issue_from_finding(
+                title=issue_title,
+                finding=finding,
+            )
+            # Update the control implementation status to NOT_IMPLEMENTED since we have a failing finding
+            if found_issue.controlImplementationIds:
+                for control_id in found_issue.controlImplementationIds:
+                    self.update_control_implementation_status_after_close(control_id)
 
     def handle_failing_checklist(
         self,
@@ -1844,9 +1985,8 @@ class ScannerIntegration(ABC):
         scan_history = self.create_scan_history()
         current_vulnerabilities: Dict[int, Set[int]] = defaultdict(set)
         processed_findings_count = 0
-        findings_to_process = self.num_findings_to_process
         loading_findings = self.finding_progress.add_task(
-            f"[#f8b737]Processing {f'{findings_to_process} ' if findings_to_process else ''}finding(s) from {self.title}",
+            f"[#f8b737]Processing {f'{self.num_findings_to_process} ' if self.num_findings_to_process else ''}finding(s) from {self.title}",
             total=self.num_findings_to_process if self.num_findings_to_process else None,
         )
 
@@ -1865,13 +2005,11 @@ class ScannerIntegration(ABC):
                 self.process_finding(finding_to_process, scan_history, current_vulnerabilities)
                 with count_lock:
                     processed_findings_count += 1
-                    if findings_to_process and self.finding_progress.tasks[loading_findings].total != float(
-                        findings_to_process
-                    ):
+                    if self.num_findings_to_process:
                         self.finding_progress.update(
                             loading_findings,
-                            total=findings_to_process,
-                            description=f"[#f8b737]Processing {findings_to_process} findings from {self.title}.",
+                            total=self.num_findings_to_process,
+                            description=f"[#f8b737]Processing {self.num_findings_to_process} findings from {self.title}.",
                         )
                     self.finding_progress.advance(loading_findings, 1)
             except Exception as exc:
@@ -1885,13 +2023,27 @@ class ScannerIntegration(ABC):
             for finding in findings:
                 process_finding_with_progress(finding)
         else:
+            # Process findings in batches to control memory usage
+            batch_size = get_thread_workers_max() * 2  # Set batch size based on thread count
             with concurrent.futures.ThreadPoolExecutor(max_workers=get_thread_workers_max()) as executor:
-                list(executor.map(process_finding_with_progress, findings))
+                batch = []
+                for finding in findings:
+                    batch.append(finding)
+                    if len(batch) >= batch_size:
+                        # Process this batch
+                        list(executor.map(process_finding_with_progress, batch))
+                        # Clear the batch
+                        batch = []
+
+                # Process any remaining items
+                if batch:
+                    list(executor.map(process_finding_with_progress, batch))
 
         # Close outdated issues
         self._results["scan_history"] = scan_history.save()
         self.update_result_counts("issues", regscale_models.Issue.bulk_save(progress_context=self.finding_progress))
         self.close_outdated_issues(current_vulnerabilities)
+        self._perform_batch_operations(self.finding_progress)
 
         return processed_findings_count
 
@@ -2068,6 +2220,9 @@ class ScannerIntegration(ABC):
                 finding.vpr_score if hasattr(finding, "vprScore") else None
             ),  # If this is the VPR score, otherwise use a different field
             cvsSv3BaseScore=finding.cvss_v3_base_score or finding.cvss_v3_score or finding.cvss_score,
+            cvsSv2BaseScore=finding.cvss_v2_score,
+            cvsSv3BaseVector=finding.cvss_v3_vector,
+            cvsSv2BaseVector=finding.cvss_v2_vector,
             scanId=scan_history.id,
             severity=self.issue_to_vulnerability_map.get(finding.severity, regscale_models.VulnerabilitySeverity.Low),
             description=finding.description,
@@ -2082,27 +2237,35 @@ class ScannerIntegration(ABC):
             plugInName=finding.cve or finding.plugin_name,  # Use CVE if available, otherwise use plugin name
             plugInId=finding.plugin_id,
             exploitAvailable=None,  # Set this if you have information about exploit availability
-            plugInText=finding.observations,  # or finding.evidence, whichever is more appropriate
+            plugInText=finding.plugin_text
+            or finding.observations,  # or finding.evidence, whichever is more appropriate
             port=finding.port if hasattr(finding, "port") else None,
             protocol=finding.protocol if hasattr(finding, "protocol") else None,
             operatingSystem=asset.operating_system if hasattr(asset, "operating_system") else None,
+            fixedVersions=finding.fixed_versions,
+            buildVersion=finding.build_version,
+            fixStatus=finding.fix_status,
+            installedVersions=finding.installed_versions,
+            affectedOS=finding.affected_os,
+            packagePath=finding.package_path,
+            imageDigest=finding.image_digest,
+            affectedPackages=finding.affected_packages,
         )
 
         vulnerability = vulnerability.create_or_update()
-        if re.match(r"^\d+\.\d+(\.\d+){0,2}$", self.regscale_version) or self.regscale_version >= "5.64.0":
-            regscale_models.VulnerabilityMapping(
-                vulnerabilityId=vulnerability.id,
-                assetId=asset.id,
-                scanId=scan_history.id,
-                securityPlansId=self.plan_id,
-                createdById=self.assessor_id,
-                tenantsId=self.tenant_id,
-                isPublic=True,
-                dateCreated=get_current_datetime(),
-                firstSeen=finding.first_seen,
-                lastSeen=finding.last_seen,
-                status=finding.status,
-            ).create_unique()
+        regscale_models.VulnerabilityMapping(
+            vulnerabilityId=vulnerability.id,
+            assetId=asset.id,
+            scanId=scan_history.id,
+            securityPlansId=self.plan_id,
+            createdById=self.assessor_id,
+            tenantsId=self.tenant_id,
+            isPublic=True,
+            dateCreated=get_current_datetime(),
+            firstSeen=finding.first_seen,
+            lastSeen=finding.last_seen,
+            status=finding.status,
+        ).create_unique()
         return vulnerability
 
     def handle_vulnerability(
@@ -2131,11 +2294,12 @@ class ScannerIntegration(ABC):
         vulnerability = self.create_vulnerability_from_finding(finding, asset, scan_history)
         finding.vulnerability_id = vulnerability.id
 
-        # Handle associated issue
-        self.create_or_update_issue_from_finding(
-            title=finding.title,
-            finding=finding,
-        )
+        if ScannerVariables.vulnerabilityCreation.lower() != "noissue":
+            # Handle associated issue
+            self.create_or_update_issue_from_finding(
+                title=finding.title,
+                finding=finding,
+            )
 
         return vulnerability.id
 
@@ -2492,6 +2656,8 @@ class ScannerIntegration(ABC):
         created_count = instance._results.get("assets", {}).get("created_count", 0)
         updated_count = instance._results.get("assets", {}).get("updated_count", 0)
         dedupe_count = assets_processed - (created_count + updated_count)
+        # Ensure dedupe_count is always a positive value
+        dedupe_count = dedupe_count if dedupe_count >= 0 else dedupe_count * -1
         logger.info(
             "%d assets processed and %d asset(s) deduped. %d asset(s) created & %d asset(s) updated in RegScale.",
             assets_processed,

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,67 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.03.19",
-    "dateReleased": "2025-03-19T18:00:10.5417Z",
-    "count": 1307,
+    "catalogVersion": "2025.03.27",
+    "dateReleased": "2025-03-27T17:55:47.8204Z",
+    "count": 1311,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-2783",
+            "vendorProject": "Google",
+            "product": "Chromium Mojo",
+            "vulnerabilityName": "Google Chromium Mojo Sandbox Escape Vulnerability",
+            "dateAdded": "2025-03-27",
+            "shortDescription": "Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-17",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/03\/stable-channel-update-for-desktop_25.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2783",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2019-9875",
+            "vendorProject": "Sitecore",
+            "product": "CMS and Experience Platform (XP)",
+            "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
+            "dateAdded": "2025-03-26",
+            "shortDescription": "Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB0038556 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9875",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-9874",
+            "vendorProject": "Sitecore",
+            "product": "CMS and Experience Platform (XP)",
+            "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
+            "dateAdded": "2025-03-26",
+            "shortDescription": "Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB0334035 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9874",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30154",
+            "vendorProject": "reviewdog",
+            "product": "action-setup GitHub Action",
+            "vulnerabilityName": "reviewdog\/action-setup GitHub Action Embedded Malicious Code Vulnerability",
+            "dateAdded": "2025-03-24",
+            "shortDescription": "reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/reviewdog\/reviewdog\/security\/advisories\/GHSA-qmg3-hpqr-gqvc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30154",
+            "cwes": [
+                "CWE-506"
+            ]
+        },
         {
             "cveID": "CVE-2017-12637",
             "vendorProject": "SAP",
@@ -55,11 +113,11 @@
             "product": "changed-files GitHub Action",
             "vulnerabilityName": "tj-actions\/changed-files GitHub Action Embedded Malicious Code Vulnerability",
             "dateAdded": "2025-03-18",
-            "shortDescription": "The tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading actions logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
+            "shortDescription": "tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-08",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
             "cwes": [
                 "CWE-506"
             ]
@@ -2949,7 +3007,7 @@
         {
             "cveID": "CVE-2024-4761",
             "vendorProject": "Google",
-            "product": "Chromium Visuals",
+            "product": "Chromium V8",
             "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Write Vulnerability",
             "dateAdded": "2024-05-16",
             "shortDescription": "Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. ",
@@ -14604,7 +14662,7 @@
             "cveID": "CVE-2020-6572",
             "vendorProject": "Google",
             "product": "Chrome Media",
-            "vulnerabilityName": "Google Chrome Media Prior to 81.0.4044.92 Use-After-Free Vulnerability",
+            "vulnerabilityName": "Google Chrome Media Use-After-Free Vulnerability",
             "dateAdded": "2022-01-10",
             "shortDescription": "Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.",
             "requiredAction": "Apply updates per vendor instructions.",