Updates

TimmyBugcrowd · TimmyBugcrowd · commit ea89ddb3de52 · 2025-07-10T16:47:51.000+02:00
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -3,6 +3,72 @@
     "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
   },
   "content": [
+         {
+        "id": "cloud_security",
+        "children": [
+          {
+            "id": "identity_and_access_management_iam_misconfigurations",
+            "children": [
+              {
+                "id": "overly_permissive_iam_roles",
+                "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+              },
+              {
+                "id": "publicly_accessible_iam_credentials",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+              }
+            ]
+          },
+          {
+            "id": "storage_misconfigurations",
+            "children": [
+              {
+                "id": "publicly_accessible_cloud_storage",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+              },
+              {
+                "id": "unencrypted_sensitive_data_at_rest",
+                "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+              }
+            ]
+          },
+          {
+            "id": "network_configuration_issues",
+            "children": [
+              {
+                "id": "open_management_ports_to_the_internet",
+                "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+              },
+              {
+                "id": "lack_of_network_segmentation",
+                "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
+              }
+            ]
+          },
+          {
+            "id": "misconfigured_services_and_apis",
+            "children": [
+              {
+                "id": "exposed_debug_or_admin_interfaces",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+              },
+              {
+                "id": "insecure_api_endpoints",
+                "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              }
+            ]
+          },
+          {
+            "id": "logging_and_monitoring_issues",
+            "children": [
+              {
+                "id": "disabled_or_insufficient_logging",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+              }
+            ]
+          }
+        ]
+      },        
     {
       "id": "ai_application_security",
       "children": [
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -14,6 +14,14 @@
         "https://owasp.org/www-project-top-10-for-large-language-model-applications/"
       ]
     },
+    {
+      "id": "cloud_security",
+      "remediation_advice": "Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.",
+      "references": [
+       "https://owasp.org/www-project-cloud-native-application-security-top-10/",
+       "https://cloudsecurityalliance.org/artifacts/security-guidance-v4/"
+     ]
+    },    
     {
       "id": "algorithmic_biases",
       "children": [
