Fix CVSS for email spoofing due to DMARC misconfiguration (#437)

abhinav-nain · iambouali · web-flow · commit eba705441303 · 2025-01-16T08:35:24.000-05:00
Updated the CVSS for the vulnerability related to email spoofing caused by missing or misconfigured DMARC records.

Co-authored-by: Tarek Bouali &lt;contact@tarekbouali.com&gt;
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -1164,7 +1164,7 @@
           "children": [
             {
               "id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
             },
             {
               "id": "no_spoofing_protection_on_email_domain",

Original file line number	Diff line number	Diff line change
`@@ -1164,7 +1164,7 @@`
`1164`	`1164`	`"children": [`
`1165`	`1165`	`{`
`1166`	`1166`	`"id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain",`
`1167`		`- "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"`
	`1167`	`+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"`
`1168`	`1168`	`},`
`1169`	`1169`	`{`
`1170`	`1170`	`"id": "no_spoofing_protection_on_email_domain",`