[Q3'25 - Release] Cloud Security + Server Side Injection Updates + Admin Expansion (#483)

* [INTERIM BRANCH] Server-Side-Injection-Updates (#479)

* Update vulnerability-rating-taxonomy.json

* Update vulnerability-rating-taxonomy.json

Small spelling update

---------

Co-authored-by: RRudder <[email protected]>

* [INTERIM BRANCH] Cloud-Security (#476)

* Update vulnerability-rating-taxonomy.json

* Updates

* [INTERIM BRANCH] Admin Portal Expansion (#469)

* Admin Portal Expansion

Add:
Server Security Misconfiguration - Exposed Portal - Protected - P5
Server Security Misconfiguration - Exposed Portal - Admin Portal - P1
Server Security Misconfiguration - Exposed Portal - Non-Admin Portal - P3

Remove:
Server Security Misconfiguration - Exposed Admin Portal - To Internet - P3

* Indicators of Attack

Adding Indicators of Attack based on this: #466 issue.

* Revert "Indicators of Attack"

This reverts commit 3e0c017.

* Release Changes

* Adding SCW

---------

Co-authored-by: Timmy <[email protected]>
Co-authored-by: RRudder <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -12,6 +12,29 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 ### Changed
 
+## [v1.17](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.16...v1.17) - 2025-08-19
+
+### Added
+
+- Cloud Security - Identity and Access Management (IAM) Misconfigurations - Overly Permissive IAM Roles - P2
+- Cloud Security - Identity and Access Management (IAM) Misconfigurations - Publicly Accessible IAM Credentials - P1
+- Cloud Security - Storage Misconfigurations - Publicly Accessible Cloud Storage - Varies
+- Cloud Security - Storage Misconfigurations - Unencrypted Sensitive Data at Rest - P2
+- Cloud Security - Network Configuration Issues - Open Management Ports to the Internet - P3
+- Cloud Security - Network Configuration Issues - Lack of Network Segmentation - P3
+- Cloud Security - Misconfigured Services and APIs - Exposed Debug or Admin Interfaces - Varies
+- Cloud Security - Misconfigured Services and APIs - Insecure API Endpoints - P4
+- Cloud Security - Logging and Monitoring Issues - Disabled or Insufficient Logging - P5
+- Server-Side Injection - Exposed Data - Non-Sensitive Data - P5
+- Server-Side Injection - Exposed Data - Sensitive Data - Varies
+- Server Security Misconfiguration - Exposed Portal - Protected - P5
+- Server Security Misconfiguration - Exposed Portal - Admin Portal - P1
+- Server Security Misconfiguration - Exposed Portal - Non-Admin Portal - P3
+
+### Removed
+
+-
+
 ## [v1.16](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.15.1...v1.16) - 2025-06-23
 
 ### Added
@@ -23,7 +46,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure - P1
 - AI Application Security - Sensitive Information Disclosure - Key Leak - P1
 - AI Application Security - Remote Code Execution - Full System Compromise - P1
-- AI Application Security - Remote Code Execution - Sandboxed Container Code Execution  - P2
+- AI Application Security - Remote Code Execution - Sandboxed Container Code Execution - P2
 - AI Application Security - Prompt Injection - System Prompt Leakage - P2
 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction - P2
 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing - P3
@@ -33,16 +56,16 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped - P4
 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks - P4
 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS) - P3
-- AI Application Security - Improper Output Handling - Markdown/HTML Injection  - P4
+- AI Application Security - Improper Output Handling - Markdown/HTML Injection - P4
 - AI Application Security - Improper Input Handling - ANSI Escape Codes - P5
 - AI Application Security - Improper Input Handling - Unicode Confusables - P5
 - AI Application Security - Improper Input Handling - RTL Overrides - P5
 
 ### Removed
 
-- AI Application Security - Large Language Model (LLM) Security - LLM Output Handling  - P1
-- AI Application Security - Large Language Model (LLM) Security - Prompt Injection  - P1
-- AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning  - P1
+- AI Application Security - Large Language Model (LLM) Security - LLM Output Handling - P1
+- AI Application Security - Large Language Model (LLM) Security - Prompt Injection - P1
+- AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning - P1
 - AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation - P2
 
 ### Other

deprecated-node-mapping.json

@@ -328,5 +328,8 @@
     },
     "ai_application_security.llm_security.training_data_poisoning": {
         "1.16": "other"
+    },
+    "server_security_misconfiguration.exposed_admin_portal.to_internet": {
+        "1.17": "other"
     }
 }

mappings/cvss_v3/cvss_v3.json

@@ -482,6 +482,72 @@
         }
       ]
     },
+    {
+      "id": "cloud_security",
+      "children": [
+        {
+          "id": "identity_and_access_management_iam_misconfigurations",
+          "children": [
+            {
+              "id": "overly_permissive_iam_roles",
+              "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+            },
+            {
+              "id": "publicly_accessible_iam_credentials",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+            }
+          ]
+        },
+        {
+          "id": "logging_and_monitoring_issues",
+          "children": [
+            {
+              "id": "disabled_or_insufficient_logging",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "misconfigured_services_and_apis",
+          "children": [
+            {
+              "id": "exposed_debug_or_admin_interfaces",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+            },
+            {
+              "id": "insecure_api_endpoints",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "network_configuration_issues",
+          "children": [
+            {
+              "id": "lack_of_network_segmentation",
+              "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
+            },
+            {
+              "id": "open_management_ports_to_the_internet",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+            }
+          ]
+        },
+        {
+          "id": "storage_misconfigurations",
+          "children": [
+            {
+              "id": "publicly_accessible_cloud_storage",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+            },
+            {
+              "id": "unencrypted_sensitive_data_at_rest",
+              "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+            }
+          ]
+        }
+      ]
+    },
     {
       "id": "cross_site_request_forgery_csrf",
       "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
@@ -1069,6 +1135,23 @@
           "id": "email_verification_bypass",
           "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
         },
+        {
+          "id": "exposed_portal",
+          "children": [
+            {
+              "id": "admin_portal",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+            },
+            {
+              "id": "non_admin_portal",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "protected",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
         {
           "id": "insecure_ssl",
           "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"

mappings/remediation_advice/remediation_advice.json

@@ -485,6 +485,14 @@
         }
       ]
     },
+    {
+      "id": "cloud_security",
+      "remediation_advice": "Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.",
+      "references": [
+        "https://owasp.org/www-project-cloud-native-application-security-top-10/",
+        "https://cloudsecurityalliance.org/artifacts/security-guidance-v4/"
+      ]
+    },
     {
       "id": "cross_site_request_forgery_csrf",
       "remediation_advice": "1. Consider using a known and secure CSRF synchronizer API and apply the generated CSRF token to every request. If infeasible to apply to every request, generate a CSRF token for the entire session and apply that to every request or, at minimum, every request considered sensitive. Always make sure to check the actual CSRF token.\n2. Consider verifying using same-origin rules to the source and target by checking the `Origin` and `Referer` headers.\n3. Consider using the `Double Submit Cookie` pattern.\n4. Consider using the `Encrypted Token` pattern.\n5. Consider protecting REST services by using the `X-Requested-With: XMLHttpRequest` header in all requests.\n6. Consider using re-authentication in cases where the request is particularly sensitive. This is the most effective CSRF prevention technique, however it does disturb the entire user experience.",
@@ -1410,12 +1418,10 @@
           ]
         },
         {
-          "id": "exposed_admin_portal",
-          "children": [
-            {
-              "id": "to_internet",
-              "remediation_advice": "As a best practice, consider restricting admin portal access to internal users only."
-            }
+          "id": "exposed_portal",
+          "remediation_advice": "Implement network-level access controls and authentication gateways to prevent unauthorized access to exposed portals, regardless of privilege level.",
+          "references": [
+            "https://nordlayer.com/learn/access-control/best-practices-and-implementation/"
           ]
         },
         {

third-party-mappings/remediation_training/secure-code-warrior-links.json

@@ -127,6 +127,21 @@
   "client_side_injection.binary_planting.no_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:no_privilege_escalation&redirect=true",
   "client_side_injection.binary_planting.non_default_folder_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:non_default_folder_privilege_escalation&redirect=true",
   "client_side_injection.binary_planting.privilege_escalation": null,
+  "cloud_security": null,
+  "cloud_security.identity_and_access_management_iam_misconfigurations": null,
+  "cloud_security.identity_and_access_management_iam_misconfigurations.overly_permissive_iam_roles": null,
+  "cloud_security.identity_and_access_management_iam_misconfigurations.publicly_accessible_iam_credentials": null,
+  "cloud_security.logging_and_monitoring_issues": null,
+  "cloud_security.logging_and_monitoring_issues.disabled_or_insufficient_logging": null,
+  "cloud_security.misconfigured_services_and_apis": null,
+  "cloud_security.misconfigured_services_and_apis.exposed_debug_or_admin_interfaces": null,
+  "cloud_security.misconfigured_services_and_apis.insecure_api_endpoints": null,
+  "cloud_security.network_configuration_issues": null,
+  "cloud_security.network_configuration_issues.lack_of_network_segmentation": null,
+  "cloud_security.network_configuration_issues.open_management_ports_to_the_internet": null,
+  "cloud_security.storage_misconfigurations": null,
+  "cloud_security.storage_misconfigurations.publicly_accessible_cloud_storage": null,
+  "cloud_security.storage_misconfigurations.unencrypted_sensitive_data_at_rest": null,
   "cross_site_request_forgery_csrf": null,
   "cross_site_request_forgery_csrf.action_specific": null,
   "cross_site_request_forgery_csrf.action_specific.authenticated_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:authenticated_action&redirect=true",
@@ -379,8 +394,10 @@
   "server_security_misconfiguration.directory_listing_enabled.non_sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:non_sensitive_data_exposure&redirect=true",
   "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:sensitive_data_exposure&redirect=true",
   "server_security_misconfiguration.email_verification_bypass": null,
-  "server_security_misconfiguration.exposed_admin_portal": null,
-  "server_security_misconfiguration.exposed_admin_portal.to_internet": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:exposed_admin_portal:to_internet&redirect=true",
+  "server_security_misconfiguration.exposed_portal": null,
+  "server_security_misconfiguration.exposed_portal.admin_portal": null,
+  "server_security_misconfiguration.exposed_portal.non_admin_portal": null,
+  "server_security_misconfiguration.exposed_portal.protected": null,
   "server_security_misconfiguration.fingerprinting_banner_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:fingerprinting_banner_disclosure&redirect=true",
   "server_security_misconfiguration.insecure_ssl": null,
   "server_security_misconfiguration.insecure_ssl.certificate_error": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:certificate_error&redirect=true",
@@ -466,6 +483,9 @@
   "server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking": null,
   "server_side_injection.content_spoofing.rtlo": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:rtlo&redirect=true",
   "server_side_injection.content_spoofing.text_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:text_injection&redirect=true",
+  "server_side_injection.exposed_data": null,
+  "server_side_injection.exposed_data.non_sensitive_data": null,
+  "server_side_injection.exposed_data.sensitive_data": null,
   "server_side_injection.file_inclusion": null,
   "server_side_injection.file_inclusion.local": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:file_inclusion:local&redirect=true",
   "server_side_injection.http_response_manipulation": null,