Admin Portal Expansion

TimmyBugcrowd · TimmyBugcrowd · commit 5c6a566a5ab5 · 2025-06-23T21:38:47.000+02:00
Add:
Server Security Misconfiguration - Exposed Portal - Protected - P5
Server Security Misconfiguration - Exposed Portal - Admin Portal - P1
Server Security Misconfiguration - Exposed Portal - Non-Admin Portal - P3

Remove:
Server Security Misconfiguration - Exposed Admin Portal - To Internet - P3
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -1039,6 +1039,23 @@
             }
           ]
         },
+        {
+          "id": "exposed_portal",
+          "children": [
+            {
+              "id": "protected",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "admin_portal",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+            },
+            {
+              "id": "non_admin_portal",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },        
         {
           "id": "clickjacking",
           "children": [
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -1410,14 +1410,12 @@
           ]
         },
         {
-          "id": "exposed_admin_portal",
-          "children": [
-            {
-              "id": "to_internet",
-              "remediation_advice": "As a best practice, consider restricting admin portal access to internal users only."
-            }
+          "id": "exposed_portal",
+          "remediation_advice": "Implement network-level access controls and authentication gateways to prevent unauthorized access to exposed portals, regardless of privilege level.",
+          "references": [
+            "https://nordlayer.com/learn/access-control/best-practices-and-implementation/"
           ]
-        },
+        },        
         {
           "id": "fingerprinting_banner_disclosure",
           "remediation_advice": "As a best practice, do not expose the specific software version."
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
@@ -2384,15 +2384,27 @@
           "priority": 5
         },
         {
-          "id": "exposed_admin_portal",
-          "name": "Exposed Admin Portal",
+          "id": "exposed_portal",
+          "name": "Exposed Portal",
           "type": "subcategory",
           "children": [
             {
-              "id": "to_internet",
-              "name": "To Internet",
+              "id": "protected",
+              "name": "Protected",
               "type": "variant",
               "priority": 5
+            },
+            {
+              "id": "admin_portal",
+              "name": "Admin Portal",
+              "type": "variant",
+              "priority": 1
+            },
+            {
+              "id": "non_admin_portal",
+              "name": "Non-Admin Portal",
+              "type": "variant",
+              "priority": 3
             }
           ]
         },

Original file line number	Diff line number	Diff line change
`@@ -1410,14 +1410,12 @@`
`1410`	`1410`	`]`
`1411`	`1411`	`},`
`1412`	`1412`	`{`
`1413`		`- "id": "exposed_admin_portal",`
`1414`		`- "children": [`
`1415`		`- {`
`1416`		`- "id": "to_internet",`
`1417`		`- "remediation_advice": "As a best practice, consider restricting admin portal access to internal users only."`
`1418`		`- }`
	`1413`	`+ "id": "exposed_portal",`
	`1414`	`+ "remediation_advice": "Implement network-level access controls and authentication gateways to prevent unauthorized access to exposed portals, regardless of privilege level.",`
	`1415`	`+ "references": [`
	`1416`	`+ "https://nordlayer.com/learn/access-control/best-practices-and-implementation/"`
`1419`	`1417`	`]`
`1420`		`- },`
	`1418`	`+ },`
`1421`	`1419`	`{`
`1422`	`1420`	`"id": "fingerprinting_banner_disclosure",`
`1423`	`1421`	`"remediation_advice": "As a best practice, do not expose the specific software version."`