v1.11 - 2023-11-20

@jhas3c released this 20 Nov 18:04 · 10 commits to master since this release · d88c735

Added

  • Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure: VARIES
  • Server-Side Injection - Content Spoofing - HTML Content Injection: P5
  • Broken Authentication and Session Management - Failure to invalidate session - Permission change: VARIES
  • Server Security Misconfiguration - Request Smuggling: VARIES
  • Server-Side Injection - LDAP Injection: VARIES
  • Cryptographic Weakness - Insufficient Entropy - Limited Random Number Generator (RNG) Entropy Source: P4
  • Cryptographic Weakness - Insufficient Entropy - Use of True Random Number Generator (TRNG) for Non-Security Purpose: P5
  • Cryptographic Weakness - Insufficient Entropy - Pseudo-Random Number Generator (PRNG) Seed Reuse: P5
  • Cryptographic Weakness - Insufficient Entropy - Predictable Pseudo-Random Number Generator (PRNG) Seed: P4
  • Cryptographic Weakness - Insufficient Entropy - Small Seed Space in Pseudo-Random Number Generator (PRNG): P4
  • Cryptographic Weakness - Insufficient Entropy - Initialization Vector (IV) Reuse: P5
  • Cryptographic Weakness - Insufficient Entropy - Predictable Initialization Vector (IV): P4
  • Cryptographic Weakness - Insecure Implementation - Missing Cryptographic Step: VARIES
  • Cryptographic Weakness - Insecure Implementation - Improper Following of Specification (Other): VARIES
  • Cryptographic Weakness - Weak Hash - Lack of Salt: VARIES
  • Cryptographic Weakness - Weak Hash - Use of Predictable Salt: P5
  • Cryptographic Weakness - Weak Hash - Predictable Hash Collision: VARIES
  • Cryptographic Weakness - Insufficient Verification of Data Authenticity - Integrity Check Value (ICV): P4
  • Cryptographic Weakness - Insufficient Verification of Data Authenticity - Cryptographic Signature: VARIES
  • Cryptographic Weakness - Insecure Key Generation - Improper Asymmetric Prime Selection: VARIES
  • Cryptographic Weakness - Insecure Key Generation - Improper Asymmetric Exponent Selection: VARIES
  • Cryptographic Weakness - Insecure Key Generation - Insufficient Key Stretching: VARIES
  • Cryptographic Weakness - Insecure Key Generation - Insufficient Key Space: P3
  • Cryptographic Weakness - Insecure Key Generation - Key Exchange Without Entity Authentication: P3
  • Cryptographic Weakness - Key Reuse - Lack of Perfect Forward Secrecy: P4
  • Cryptographic Weakness - Key Reuse - Intra-Environment: P5
  • Cryptographic Weakness - Key Reuse - Inter-Environment: P2
  • Cryptographic Weakness - Side-Channel Attack - Padding Oracle Attack: P4
  • Cryptographic Weakness - Side-Channel Attack - Timing Attack: P4
  • Cryptographic Weakness - Side-Channel Attack - Power Analysis Attack: P5
  • Cryptographic Weakness - Side-Channel Attack - Emanations Attack: P5
  • Cryptographic Weakness - Side-Channel Attack - Differential Fault Analysis: VARIES
  • Cryptographic Weakness - Use of Expired Cryptographic Key (or Certificate): P4
  • Cryptographic Weakness - Incomplete Cleanup of Keying Material: P5
  • Cryptographic Weakness - Broken Cryptography - Use of Broken Cryptographic Primitive: P3
  • Cryptographic Weakness - Broken Cryptography - Use of Vulnerable Cryptographic Library: P4
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Non-Sensitive Information: P5
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/GUID/Complex Object Identifiers: P4
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information/Iterable Object Identifiers: P3
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Edit/Delete Sensitive Information/Iterable Object Identifiers: P2
  • Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information (PII)/Iterable Object Identifier: P1

Changed

FROM:

  • Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11): P5

TO:

  • Cross-Site Scripting (XSS) - IE-Only: P5

FROM:

  • Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal High Impact: P2
  • Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3
  • Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - External: P4
  • Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - DNS Query Only: P5

TO:

  • Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal High Impact: P2
  • Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3
  • Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - Low impact: P5
  • Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - DNS Query Only: P5

FROM:

  • Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage: P1

TO:

  • Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure: P1

Removed

  • Cross-Site Scripting (XSS) - IE-Only - IE11: P4
  • Cross-Site Scripting (XSS) - XSS Filter Disabled: P5
  • Broken Cryptography - Cryptographic Flaw - Incorrect Usage: P1