49 changes: 49 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,55 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/)

## [V1.18.1]

### Added

- Active Directory (AD) - SCCM Abuse - PXE Boot Media Theft - Varies
- Active Directory (AD) - SCCM Abuse - Distribution Point Permits Anonymous Access - Varies
- Active Directory (AD) - SCCM Abuse - Automatic Device Approval Enabled - Varies
- Active Directory (AD) - SCCM Abuse - NTLM Relay From Management Point to Site Database - Varies
- Active Directory (AD) - SCCM Abuse - NTLM Relay From Site Server To Site Systems - Varies
- Active Directory (AD) - SCCM Abuse - NTLM Relay Via Automatic Client Push Installation - Varies
- Active Directory (AD) - SCCM Abuse - Privileged Credentials Exposed In Task Sequences, Collection Variables or Network Access Account - Varies
- Active Directory (AD) - Kerberos Abuse - Domain Compromise via Unconstrained Delegated - P1
- Active Directory (AD) - Kerberos Abuse - Insecure Service Account Management (Kerberoasting) - P2
- Active Directory (AD) - Kerberos Abuse - User Does Not Require Pre-authentication (ASREPRoasting) - P2
- Active Directory (AD) - Misconfigured Active Directory Certificate Services (ADCS) - Varies
- Active Directory (AD) - Configuration Weaknesses - Passwords Found within Domain User Account Description - Varies
- Active Directory (AD) - Configuration Weaknesses - Weak Domain Password Policy - P2
- Active Directory (AD) - Configuration Weaknesses - Shared Administrator Passwords - P2
- Active Directory (AD) - Configuration Weaknesses - Excessive Domain Admin Membership - P3
- Active Directory (AD) - Configuration Weaknesses - Dormant/Inactive User Accounts Enabled in the Domain (> 90 days) - P3
- Active Directory (AD) - Sensitive Data Exposure - LDAP Anonymous Bind Enabled - Varies
- Active Directory (AD) - Sensitive Data Exposure - Sensitive Data in Open File Shares - Varies
- Active Directory (AD) - DACL Abuse - Varies
- Server Security Misconfiguration - Misconfigured File Share - Anonymous FTP Enabled - Varies
- Server Security Misconfiguration - Misconfigured File Share - Anonymous SMB Enabled - Varies
- Server Security Misconfiguration - Misconfigured File Share - Non-Sensitive Data Exposure via Anonymous FTP/SMB Enabled - P5
- Broken Authentication and Session Management - Excessive JSON Web Token (JWT) Lifetime - P5
- Broken Authentication and Session Management - Secret Questions Used for Account Verification - P5
- Insufficient Security Configurability - No 2FA Implementation - P5
- Insufficient Security Configurability - No Account Lockout - P5
- Insufficient Security Configurability - Weak JSON Web Token (JWT) Hashing Algorithm - P5
- Sensitive Data Exposure - Disclosure of Secrets - Sensitive Information Disclosed in JSON Web Token (JWT) - P5
- Sensitive Data Exposure - Disclosure of Secrets - Publicly accessible Robots.txt - P5
- Server Security Misconfiguration - Fingerprinting/Banner Disclosure - Software Versions Disclosed in Response Headers - P5
- Server Security Misconfiguration - Misconfigured Security Headers - Insecure Content-Security-Policy - P5
- Using Components with Known Vulnerabilities - Unpatched Javascript Libraries - P5
- Server-Side Injection - Content Spoofing - Self Email HTML Injection - P5
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Secrets Exposure - P2
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Data Exposure - P3
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Port Service Scan - P3
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Exposure of the Presence of Data/Secrets - P4
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Port Scan Only - P4
- CVSS4 Mappings, as a generative script which adds missing mappings for more recent VRT items.

### Removed

- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal High Impact
- Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact

## [Unreleased]

### Added
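Review bot: the new `## [V1.18.1]` section is inserted above `## [Unreleased]`, which inverts the ordering of the Keep a Changelog format the file itself declares (Unreleased first, then released versions newest to oldest); move the `## [Unreleased]` heading back above `## [V1.18.1]`, or fold the pending `### Added` items into the new release. Two entry names deserve a look before the matching ids are frozen: "Domain Compromise via Unconstrained Delegated" reads as a typo for "Unconstrained Delegation", and "Javascript" is conventionally spelled "JavaScript". The `### Removed` block drops two SSRF entries in favour of five new ones; a one-line note saying which new entry replaces each removed id would help anyone mapping historical submissions.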
192 changes: 188 additions & 4 deletions mappings/cvss_v3/cvss_v3.json
Expand Up @@ -457,6 +457,14 @@
{
"id": "weak_registration_implementation",
"cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
{
"id": "excessive_jwt_lifetime",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
{
"id": "secret_questions_account_verification",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
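Review bot: both new entries carry `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`, which scores 0.0 under CVSS v3.1 because all three impact metrics are None. If a zero base score is the intended encoding for P5 entries, say so in a comment or the README so it is not mistaken for a placeholder; if not, `excessive_jwt_lifetime` arguably carries at least a Low confidentiality or integrity impact, since a long-lived token extends the window in which a leaked one remains usable, and `secret_questions_account_verification` weakens the account-recovery path in the same way.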
Expand Down Expand Up @@ -913,6 +921,18 @@
"cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
]
},
{
"id": "no_two_fa_implementation",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
{
"id": "no_account_lockout",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
{
"id": "weak_jwt_hashing_algorithm",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
Expand Down Expand Up @@ -993,6 +1013,14 @@
{
"id": "pay_per_use_abuse",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"id": "sensitive_information_disclosed_jwt",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
{
"id": "publicly_accessible_robots",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
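Review bot: `sensitive_information_disclosed_jwt` is given `C:N`, which contradicts its own name: if the token body exposes sensitive data to whoever holds it, the confidentiality impact is at least Low, in the same way `pay_per_use_abuse` directly above records its availability impact as `A:L`. Suggest `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` (or `PR:L` if the token is only issued after login). `publicly_accessible_robots` at all-None is reasonable, since robots.txt is meant to be public.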
Expand Down Expand Up @@ -1279,11 +1307,23 @@
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
},
{
"id": "internal_high_impact",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
"id": "internal_secrets_exposure",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"
},
{
"id": "internal_data_exposure",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
{
"id": "internal_port_service_scan",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
{
"id": "internal_exposure_presence_data_secrets",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
{
"id": "internal_scan_and_or_medium_impact",
"id": "internal_port_scan_only",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
}
]
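Review bot: four of the five new SSRF entries (`internal_data_exposure`, `internal_port_service_scan`, `internal_exposure_presence_data_secrets`, `internal_port_scan_only`) share the identical vector `AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N`, yet the CHANGELOG assigns them P3, P3, P4 and P4; a mapping that collapses two priority tiers onto one score defeats the purpose of splitting the old `internal_scan_and_or_medium_impact` entry. Consider `AC:H` or `S:U` for the two P4 variants so the derived scores track the priorities. Also, because `internal_high_impact` and `internal_scan_and_or_medium_impact` are removed outright rather than kept alongside their replacements, anything that still references the old ids will fail to resolve; a deprecation note mapping old to new ids would soften that.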
Expand Down Expand Up @@ -1313,6 +1353,41 @@
"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
]
},
{
"id": "misconfigured_file_share",
"children": [
{
"id": "anonymous_ftp_enabled",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"id": "anonymous_smb_enabled",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"id": "non_sensitive_data_exposure_ftp_smb",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
{
"id": "fingerprinting_banner_disclosure",
"children": [
{
"id": "software_version_in_response_headers",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
{
"id": "misconfigured_security_headers",
"children": [
{
"id": "insecure_csp",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
}
]
},
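Review bot: `anonymous_ftp_enabled` and `anonymous_smb_enabled` are hard-coded to `C:H` while the CHANGELOG lists both as "Varies", and their sibling `non_sensitive_data_exposure_ftp_smb` (P5) sits at `C:N`; a fixed High confidentiality score for the bare "anonymous access enabled" condition assumes sensitive data is reachable, which is exactly what the Varies label says cannot be presumed. Either document that the `C:H` vector is the upper bound used for triage, or score these at `C:L` and let the sensitive-data case be reported under a higher-impact entry. `insecure_csp` and `software_version_in_response_headers` at all-None are consistent with their P5 rating.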
Expand Down Expand Up @@ -1342,6 +1417,10 @@
{
"id": "impersonation_via_broken_link_hijacking",
"cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"id": "self_email_html_injection",
"cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
],
"cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
Expand Down Expand Up @@ -1407,12 +1486,117 @@
{
"id": "rosetta_flash",
"cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
},
{
"id": "unpatched_javascript_libraries",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
}
]
},
{
"id": "zero_knowledge_security_misconfiguration",
"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
{
"id": "active_directory",
"children": [
{
"id": "sccm_abuse",
"children": [
{
"id": "pxe_boot_media_theft",
"cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "distribution_point_anonymous_access",
"cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"id": "automatic_device_approval",
"cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
{
"id": "ntlm_management_point_site_database",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "ntlm_site_server_site_systems",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "ntlm_automatic_push_installation",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "privileged_credentials_exposed",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
}
]
},
{
"id": "kerberos_abuse",
"children": [
{
"id": "domain_compromise_unconstrained_delegated",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "insecure_service_account_management",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "no_pre_authentication",
"cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
}
]
},
{
"id": "misconfigured_active_directory_certificate_services",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "configuration_weaknesses",
"children": [
{
"id": "passwords_found_domain_description",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "weak_domain_password_policy",
"cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
},
{
"id": "shared_administrator_passwords",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"id": "excessive_domain_admin_membership",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
},
{
"id": "dormant_enabled_user_accounts",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
}
]
},
{
"id": "sensitive_data_exposure",
"children": [
{
"id": "ldap_anonymous_bind_enabled",
"cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"id": "sensitive_data_in_open_file_shares",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
}
]
},
{
"id": "dacl_abuse",
"cvss_v3": "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
}
]
}
]
}
}
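Review bot: the id `domain_compromise_unconstrained_delegated` carries the CHANGELOG's "Unconstrained Delegated" typo into a machine-readable identifier; rename it to `domain_compromise_unconstrained_delegation` now, because ids are hard to change once consumers depend on them. Two scoring choices need a rationale in the PR description: `ntlm_automatic_push_installation` is the only SCCM relay entry with `A:H` although its siblings using the same relay primitive score `A:N`, and `no_pre_authentication` is `PR:N` while the other Kerberos entries are `PR:L` (defensible, since AS-REP roasting needs no credentials, but worth a comment). Finally, `misconfigured_active_directory_certificate_services` and `dacl_abuse` are listed as "Varies" in the CHANGELOG yet get a single fixed vector with no children; if sub-entries are planned, a comment or issue link would make that clear. `unpatched_javascript_libraries` at all-None follows the P5 pattern used elsewhere in this PR.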