Merge branch 'dev' of https://github.com/CVEProject/cve-website into content-rjr-3225

Author: jdaigneau5

.github/workflows/web-issue-triage.yml

@@ -19,6 +19,7 @@ import PrimaryNavigation from './components/PrimaryNavigation.vue';
 import NotificationBannerModule from './components/NotificationBannerModule.vue';
 import FoooterModule from './components/FooterModule.vue';
 import NotFound from './views/NotFound.vue';
+import { usePartnerStore } from '@/stores/partners';
 
 export default {
   components: {
@@ -31,6 +32,9 @@ export default {
     return {
       NavigationItems
     }
+  },
+  beforeMount() {
+    usePartnerStore().populatePartnerShortLongNameMap();
   }
 }
 </script>

src/App.vue

@@ -23890,5 +23890,61 @@
       ]
     },
     "country": "Singapore"
+  },
+  {
+    "shortName": "LeicaBiosystems",
+    "cnaID": "CNA-2024-0072",
+    "organizationName": "Leica Biosystems",
+    "scope": "All Leica Biosystems products",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.leicabiosystems.com/us/about/coordinated-vulnerability-disclosure-cvd-process/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.leicabiosystems.com/us/about/product-security-advisories/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/CNAsList.json

@@ -151,6 +151,14 @@
       "organizationURL": "https://www.panasonic.com/global/home.html",
       "role": "Board"
     },
+    {
+      "familyName": "Turner",
+      "firstName": "Chris",
+      "imageURL": "",
+      "organization": "National Institute of Standards and Technology (NIST)",
+      "organizationURL": "https://www.nist.gov/",
+      "role": "NIST CVE Board Liaison"
+    },
     {
       "familyName": "Waltermire",
       "firstName": "David",
@@ -167,4 +175,4 @@
       "organizationURL": "https://www.broadcom.com/",
       "role": "Board"
     }
-  ]
+  ]

src/assets/data/currentBoardMembersList.json

@@ -18,10 +18,9 @@
     },
     {
       "id": 34,
-      "displayOnHomepageOrder": 1,
       "title": "CVE Program Workshop – Autumn 2024",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics, deadlines, and other workshop details.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics and other workshop details.",
       "permission": "private",
       "url": "",
       "date": {
@@ -32,7 +31,7 @@
     },
     {
       "id": 33,
-      "displayOnHomepageOrder": 2,
+      "displayOnHomepageOrder": 1,
       "title": "CVE/FIRST VulnCon 2025",
       "location": "Raleigh, North Carolina, USA & Virtual",
       "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Call for Papers</strong>:<br/>Open until January 31, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/> <strong>Call for Papers</strong>:<br/>TBA<br/><br/><strong>Registration</strong>:<br/>Registration will open in November 2024.<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",

src/assets/data/events.json

@@ -271,8 +271,8 @@
 				"questionId": "search_cve",
 				"questionText": "How do I search the CVE List",
 				"questionResponseParagraphs": [
-					"<strong>Keyword(s) Search of All CVE Records</strong>",
-					"<ul><li>Search by keyword(s) across <a href='https://github.com/CVEProject/cvelistV5' target='_blank'>ALL FIELDS of all CVE Records</a> in the cvelistV5 downloads repository using the main search box on GitHub.com.</li><li>Search by keyword(s) in the <a href='https://cve.mitre.org/cve/search_cve_list.html' target='_blank'>Description fields ONLY of all CVE Records</a> using the legacy search page on cve.mitre.org.</li></ul>"
+					"<b><i>Search Tips<i></b>",
+					"<ul><li>By CVE ID<ul><li>Must include only one CVE ID per search.</li><li>CVE ID must include all letters, numbers, and hyphens associated with the CVE ID, e.g., CVE-2024-12345678.</li><li>“CVE” may be entered as “cve”, “CVE”, or as a combination of uppercase and lowercase, as casing is ignored during search.</li></ul></li><li>By other keyword(s)<ul><li>Must contain only alphanumeric characters, e.g., letters or numbers.</li><li>May contain one or more keywords, separated by a space.</li><li>Keywords may be entered in lowercase, uppercase, or a combination of both. Casing is ignored during search, e.g., Vulnerabilities, vulnerabilities, VULNERABILITIES.</li></ul></li></ul>"
 				]
 			},
 			{

src/assets/data/faqs.json

@@ -1165,7 +1165,7 @@
         },
         {
           "month": "October",
-          "value": "6"
+          "value": "7"
         },
         {
           "month": "November",

src/assets/data/metrics.json

@@ -1,7 +1,50 @@
 {
   "currentNews": [
+    {
+      "id": 431,
+      "newsType": "news",
+      "title": "Leica Biosystems Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Leica Biosystems Added as CNA",
+      "date": "2024-10-29",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/LeicaBiosystems'>Leica Biosystems</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all Leica Biosystems products."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>415 CNAs</a> (413 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Leica Biosystems is the 225th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Leica Biosystems’ Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 430,
+      "newsType": "news",
+      "title": "NIST CVE Board Liaison Board Member Announced",
+      "urlKeywords": "NIST CVE Board Liaison Board Member Announced",
+      "date": "2024-10-29",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/'>CVE Program</a> is pleased to announce that Chris Turner of the <a href='https://www.nist.gov/' target='_blank'>National Institute of Standards and Technology (NIST)</a> is the newest member of the <a href='/ProgramOrganization/Board'>CVE Board</a>, serving as the “NIST CVE Board Liaison.”"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Per the <a href='/Resources/Roles/Board/General/Board-Charter.pdf' target='_blank'>CVE Board Charter</a>, “Section 1.3.3 Organizational Liaison &ndash; An Organizational Liaison position allows for tighter partnerships with targeted organizations. This type of role provides the Board with greater flexibility for how external organizations work with the Board and CVE Program governance. There can be one or more organization(s) designated to have a liaison relationship with the Board at any one time. Each Organization with a Liaison position will have a single seat on the Board reserved for the Organizational Liaison representing them. This allows the Board representation from specific organizations as needed. This is a term-limited seat that must be reconfirmed by the Secretariat when the term set expires. The default term, unless specified by the Board during the establishment of the organization’s liaison role, is one year. The Secretariat assures the Organization wishes to continue the Board relationship and that the designated individual is the proper person to fill the role for the organization for the upcoming term. The Organization’s liaison is a voting member of the Board and can serve more than one consecutive term if the Organization desires. This position is a two-way conduit for the Organization to bring things to and from the Board in an official and structured way.”"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 429,
+      "displayOnHomepageOrder": 1,
       "newsType": "blog",
       "title": "CVE Program Celebrates 25 Years of Impact!",
       "urlKeywords": "CVE Program Celebrates 25 Years",
@@ -133,7 +176,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "<a href='/PartnerInformation/ListofPartners/partner/OMRON'>OMRON Corporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only."
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/OMRON'>OMRON Corporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only. Read the OMRON news release: “<a href='https://www.omron.com/global/en/media/2024/10/c1024.html' target='_blank'>Authorized as a CVE Numbering Authority for security vulnerabilities</a>."
         },
         {
           "contentnewsType": "paragraph",
@@ -417,7 +460,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "<a href='/PartnerInformation/ListofPartners/partner/RTI'>Real-Time Innovations, Inc.</a> (RTI) is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all RTI Connext products, including EOL products. See <a href='https://www.rti.com/products' target='_blank'>https://www.rti.com/products</a> for more information."
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/RTI'>Real-Time Innovations, Inc.</a> (RTI) is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all RTI Connext products, including EOL products. See <a href='https://www.rti.com/products' target='_blank'>https://www.rti.com/products</a> for more information. Read the RTI news release: “<a href='https://www.rti.com/news/rti-joins-cve-program' target='_blank'>RTI Joins the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA)</a>."
         },
         {
           "contentnewsType": "paragraph",

src/assets/data/news.json

@@ -5,21 +5,21 @@
         <slot></slot>
         <button class="button message-header-button"
           :style="{'background-color': '#162e51 !important', 'color': 'white !important'}"
-          :aria-expanded="useCveRecordLookupStore.accordionState[organizationId] ? 'true' : 'false'"
+          :aria-expanded="usecveRecordStore.accordionState[organizationId] ? 'true' : 'false'"
           :aria-controls="`${organizationId}-panel`"
         >
           <span class="icon is-small">
             <p :id="`expandCollapseAltText-${organizationId}`" class="is-hidden">
-              {{useCveRecordLookupStore.accordionState[organizationId] ? 'expand' : 'collapse'}}
+              {{usecveRecordStore.accordionState[organizationId] ? 'expand' : 'collapse'}}
             </p>
-            <font-awesome-icon :icon="useCveRecordLookupStore.accordionState[organizationId] ? 'minus' : 'plus'"
+            <font-awesome-icon :icon="usecveRecordStore.accordionState[organizationId] ? 'minus' : 'plus'"
               aria-hidden="false" focusable="true" :aria-labelledby="`expandCollapseAltText-${organizationId}`"
             />
           </span>
         </button>
       </button>
       <!-- Panel content is conditionally determined by role -->
-      <div :id="`${organizationId}-panel`" v-if="useCveRecordLookupStore.accordionState[organizationId]"
+      <div :id="`${organizationId}-panel`" v-if="usecveRecordStore.accordionState[organizationId]"
         class="pl-3 pr-3 pt-2 pb-5 cve-container-accordion-panel"
       >
         <div>
@@ -210,7 +210,8 @@
 </template>
 
 <script>
-import { useCveRecordLookupStore } from '@/stores/cveRecordLookup.ts';
+import { usecveRecordStore } from '@/stores/cveRecord.ts';
+import { useGenericGlobalsStore } from '@/stores/genericGlobals';
 import ProductStatus from '@/components/ProductStatus.vue';
 import CveRecordReferences from './CveRecordReferences.vue';
 
@@ -255,13 +256,13 @@ export default {
       //to do
       adpShortName: this.containerObject.providerMetadata.shortName,
       dateUpdated: '',
-      cveServicesBaseUrl: import.meta.env.VITE_CVE_SERVICES_BASE_URL,
-      useCveRecordLookupStore: useCveRecordLookupStore(),
+      cveServicesBaseUrl: useGenericGlobalsStore().currentServicesUrl,
+      usecveRecordStore: usecveRecordStore(),
     }
   },
   methods: {
     togglePanel(){
-      useCveRecordLookupStore().accordionState[this.organizationId] = !useCveRecordLookupStore().accordionState[this.organizationId];
+      usecveRecordStore().accordionState[this.organizationId] = !usecveRecordStore().accordionState[this.organizationId];
     },
     hasEnrichmentData(){
       if (this.cwes.length > 0 || this.cvsss.length > 0 || this.kevs.length > 0 || this.ssvcs.length > 0) {
@@ -406,8 +407,8 @@ export default {
       }
     },
     getCveProgramReferences(){
-      if (this.containerObject.providerMetadata.shortName.toLowerCase() !== useCveRecordLookupStore().cveProgramShortName) return;
-      this.cveProgramReferences = useCveRecordLookupStore().getReferences(this.containerObject.references);
+      if (this.containerObject.providerMetadata.shortName.toLowerCase() !== usecveRecordStore().cveProgramShortName) return;
+      this.cveProgramReferences = usecveRecordStore().getReferences(this.containerObject.references);
     },
     getUpdatedDate() {
       this.dateUpdated = this.getDate(this.containerObject.providerMetadata.dateUpdated);