VRT-release-changes

mappings/cvss_v3/cvss_v3.json

@@ -31,6 +31,18 @@
           "id": "unsafe_cross_origin_resource_sharing",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
         },
+        {
+          "id": "software_package_takeover",
+          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+        },        
+        {
+          "id": "email_verification_bypass",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "missing_subresource_integrity",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },        
         {
           "id": "request_smuggling",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
@@ -362,10 +374,6 @@
           "id": "two_fa_bypass",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
         },
-        {
-          "id": "privilege_escalation",
-          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
-        },
         {
           "id": "cleartext_transmission_of_session_token",
           "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
@@ -524,7 +532,11 @@
             {
               "id": "over_http",
               "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
-            }
+            },
+            {
+              "id": "password_reset_token",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            }            
           ]
         },
         {
@@ -658,7 +670,11 @@
         {
           "id": "username_enumeration",
           "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
-        }
+        },
+        {
+          "id": "privilege_escalation",
+          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
+        },        
       ]
     },
     {

mappings/remediation_advice/remediation_advice.json

@@ -30,6 +30,30 @@
             "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"
           ]
         },
+        {
+          "id": "email_verification_bypass",
+          "remediation_advice": "1. **Implement Robust Token Validation:** Ensure that any token used for email verification is securely generated and validated. Tokens should be long, random, and use secure hashing algorithms to prevent guessing attacks.\n2. **Secure Transmission:** Use HTTPS to protect the transmission of tokens over the network. Ensure that the tokens are not leaked via URLs in the `Referer` header by instructing users to avoid clicking on links from untrusted sources or by implementing measures to strip sensitive information from URLs.\n3. **Expire Tokens Quickly:** Set a short expiration time for verification tokens to limit the window of opportunity for an attacker. Once a token is used or expires, it should be invalidated immediately to prevent reuse.",
+          "references": [
+             "https://owasp.org/www-community/attacks/Email_Injection",
+             "https://portswigger.net/web-security/email-security"
+          ]
+        },
+        {
+          "id": "missing_subresource_integrity",
+          "remediation_advice": "1. **Implement SRI:** Add an `integrity` attribute with a base64-encoded hash to `<script>` and `<link>` tags for external resources. \n2. **Validate Hashes:** Always check the hashes of resources yourself before implementation to ensure they haven't been altered. \n3. **Update Hashes Regularly:** Monitor and update the hashes to reflect changes in the external libraries or resources you use.",
+          "references": [
+             "https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity",
+             "https://www.w3.org/TR/SRI/"
+          ]
+        },
+        {
+          "id": "software_package_takeover",
+          "remediation_advice": "1. **Monitor Dependencies:** Regularly review and update the dependencies in your software projects to ensure they are secure and maintained. Use tools that can automatically check for outdated or vulnerable packages. \n2. **Secure Access Rights:** Restrict and monitor access to package management systems and repositories to prevent unauthorized changes. Use two-factor authentication and strong access controls. \n3. **Verify Package Integrity:** Before deployment, verify the integrity and authenticity of packages using signatures or other verification methods.",
+          "references": [
+            "https://owasp.org/www-community/attacks/Subdomain_Takeover",
+            "https://snyk.io/blog/ten-git-hub-security-best-practices/"
+          ]
+        },                        
         {
           "id": "request_smuggling",
           "remediation_advice": "Implement a robust security configuration, including secure parsing and handling of HTTP requests, and consider deploying a Web Application Firewall (WAF) to detect and mitigate potential smuggling attacks.",
@@ -909,6 +933,14 @@
             "https://www.owasp.org/index.php/Mobile_Top_10_2016-M1-Improper_Platform_Usage"
           ]
         },
+        {
+          "id": "privilege_escalation",
+          "remediation_advice": "1. **Least Privilege Principle:** Enforce the least privilege principle by ensuring that users and processes operate using the minimum permissions necessary to perform their tasks. \n2. **Regular Audits:** Conduct regular audits of system permissions and user roles to identify and rectify excessive permissions or misconfigurations. \n3. **Patch Management:** Keep all systems, applications, and services up to date with the latest security patches to close vulnerabilities that could be exploited for privilege escalation.",
+          "references": [
+             "https://owasp.org/www-community/attacks/Privilege_escalation",
+             "https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege"
+          ]
+        },        
         {
           "id": "exposed_sensitive_ios_url_scheme",
           "remediation_advice": "Apple does not enforce the unique naming for App schemes, making it possible for a malicious app to use the same URL Scheme as a legitimate app, effectively hijacking the URL Scheme. As a result, it is important to keep the URL Scheme from being exposed.",

vulnerability-rating-taxonomy.json

@@ -554,6 +554,24 @@
           "type": "subcategory",
           "priority": null
         },
+        {
+          "id": "email_verification_bypass",
+          "name": "Email Verification Bypass",
+          "type": "subcategory",
+          "priority": 5
+        },
+        {
+          "id": "missing_subresource_integrity",
+          "name": "Missing Subresource Integrity",
+          "type": "subcategory",
+          "priority": 5
+        },      
+        {
+          "id": "software_package_takeover",
+          "name": "Software Package Takeover",
+          "type": "subcategory",
+          "priority": null
+        },                  
         {
           "id": "cache_poisoning",
           "name": "Cache Poisoning",
@@ -741,12 +759,6 @@
           "type": "subcategory",
           "priority": 3
         },
-        {
-          "id": "privilege_escalation",
-          "name": "Privilege Escalation",
-          "type": "subcategory",
-          "priority": null
-        },
         {
           "id": "cleartext_transmission_of_session_token",
           "name": "Cleartext Transmission of Session Token",
@@ -999,7 +1011,13 @@
               "name": "Over HTTP",
               "type": "variant",
               "priority": 4
-            }
+            },
+            {
+              "id": "password_reset_token",
+              "name": "Password Reset Token",
+              "type": "subcategory",
+              "priority": 5
+            }         
           ]
         },
         {
@@ -1289,6 +1307,12 @@
           "type": "subcategory",
           "priority": null
         },
+        {
+          "id": "privilege_escalation",
+          "name": "Privilege Escalation",
+          "type": "subcategory",
+          "priority": null
+        },        
         {
           "id": "exposed_sensitive_ios_url_scheme",
           "name": "Exposed Sensitive iOS URL Scheme",