
Commit ef96eca

[INTERIM BRANCH] Cloud-Security (#476)
* Update vulnerability-rating-taxonomy.json * Updates
1 parent 6b6f8c3 commit ef96eca


3 files changed

+169
-0
lines changed


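--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -3,6 +3,72 @@
 "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
 },
 "content": [
+{
+"id": "cloud_security",
+"children": [
+{
+"id": "identity_and_access_management_iam_misconfigurations",
+"children": [
+{
+"id": "overly_permissive_iam_roles",
+"cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+},
+{
+"id": "publicly_accessible_iam_credentials",
+"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+}
+]
+},
+{
+"id": "storage_misconfigurations",
+"children": [
+{
+"id": "publicly_accessible_cloud_storage",
+"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+},
+{
+"id": "unencrypted_sensitive_data_at_rest",
+"cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+}
+]
+},
+{
+"id": "network_configuration_issues",
+"children": [
+{
+"id": "open_management_ports_to_the_internet",
+"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+},
+{
+"id": "lack_of_network_segmentation",
+"cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
+}
+]
+},
+{
+"id": "misconfigured_services_and_apis",
+"children": [
+{
+"id": "exposed_debug_or_admin_interfaces",
+"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+},
+{
+"id": "insecure_api_endpoints",
+"cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+}
+]
+},
+{
+"id": "logging_and_monitoring_issues",
+"children": [
+{
+"id": "disabled_or_insufficient_logging",
+"cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+}
+]
+}
+]
+},
 {
 "id": "ai_application_security",
 "children": [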
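Review bot: Two variants this hunk rates with a fixed vector are marked `"priority": null` (rating varies) in the same commit's vulnerability-rating-taxonomy.json: `exposed_debug_or_admin_interfaces` gets `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` (a 10.0 Critical vector) and `publicly_accessible_cloud_storage` gets `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` (7.5 High), so a consumer reading this mapping will report a fixed score where the taxonomy says severity depends on context. Either give those two entries the vector you intend as the baseline or leave them out of this file until a priority is assigned (presumably the `default` vector at the top of the file then applies — worth confirming with the mapping consumer). Also worth a second look: `unencrypted_sensitive_data_at_rest` is scored `AV:N`, but data at rest is usually reached through storage, snapshot or backup access rather than directly over the network, so `AV:L` or `AV:A` may be the better fit; that is a scoring judgement rather than a defect. Since JSON cannot carry inline comments, I'd add a sentence to the PR description explaining why `open_management_ports_to_the_internet` and `insecure_api_endpoints` use `AC:H` while their parent category is otherwise scored at `AC:L`.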

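--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
@@ -14,6 +14,14 @@
 "https://owasp.org/www-project-top-10-for-large-language-model-applications/"
 ]
 },
+{
+"id": "cloud_security",
+"remediation_advice": "Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.",
+"references": [
+"https://owasp.org/www-project-cloud-native-application-security-top-10/",
+"https://cloudsecurityalliance.org/artifacts/security-guidance-v4/"
+]
+},
 {
 "id": "algorithmic_biases",
 "children": [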
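Review bot: The new `cloud_security` entry is a single flat object with no `children`, whereas the neighbouring `algorithmic_biases` entry at the end of the hunk carries a `children` array, so the five subcategories and nine variants this commit adds to the taxonomy (for example `publicly_accessible_iam_credentials` or `disabled_or_insufficient_logging`) get no remediation advice of their own; whether a lookup falls back to the category-level text depends on the consumer, which I cannot see from here. The category paragraph is also generic — it covers identity, encryption, segmentation and logging in one breath — so a `children` list with targeted advice per subcategory (rotate and revoke exposed credentials, enable block-public-access on storage, restrict management ports to a bastion or VPN, enable audit logging with retention) would be more useful to a triager. If the flat form is deliberate for this interim branch, note the follow-up in the PR description so the gap is not forgotten.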

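--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -3,6 +3,101 @@
 "release_date": "2025-06-23T00:00:00+00:00"
 },
 "content": [
+{
+"id": "cloud_security",
+"name": "Cloud Security",
+"type": "category",
+"children": [
+{
+"id": "identity_and_access_management_iam_misconfigurations",
+"name": "Identity and Access Management (IAM) Misconfigurations",
+"type": "subcategory",
+"children": [
+{
+"id": "overly_permissive_iam_roles",
+"name": "Overly Permissive IAM Roles",
+"type": "variant",
+"priority": 2
+},
+{
+"id": "publicly_accessible_iam_credentials",
+"name": "Publicly Accessible IAM Credentials",
+"type": "variant",
+"priority": 1
+}
+]
+},
+{
+"id": "storage_misconfigurations",
+"name": "Storage Misconfigurations",
+"type": "subcategory",
+"children": [{
+"id": "publicly_accessible_cloud_storage",
+"name": "Publicly Accessible Cloud Storage",
+"type": "variant",
+"priority": null
+},
+{
+"id": "unencrypted_sensitive_data_at_rest",
+"name": "Unencrypted Sensitive Data at Rest",
+"type": "variant",
+"priority": 2
+}
+]
+},
+{
+"id": "network_configuration_issues",
+"name": "Network Configuration Issues",
+"type": "subcategory",
+"children": [
+{
+"id": "open_management_ports_to_the_internet",
+"name": "Open Management Ports to the Internet",
+"type": "variant",
+"priority": 3
+},
+{
+"id": "lack_of_network_segmentation",
+"name": "Lack of Network Segmentation",
+"type": "variant",
+"priority": 3
+}
+]
+},
+{
+"id": "misconfigured_services_and_apis",
+"name": "Misconfigured Services and APIs",
+"type": "subcategory",
+"children": [
+{
+"id": "exposed_debug_or_admin_interfaces",
+"name": "Exposed Debug or Admin Interfaces",
+"type": "variant",
+"priority": null
+},
+{
+"id": "insecure_api_endpoints",
+"name": "Insecure API Endpoints",
+"type": "variant",
+"priority": 4
+}
+]
+},
+{
+"id": "logging_and_monitoring_issues",
+"name": "Logging and Monitoring Issues",
+"type": "subcategory",
+"children": [
+{
+"id": "disabled_or_insufficient_logging",
+"name": "Disabled or Insufficient Logging",
+"type": "variant",
+"priority": 5
+}
+]
+}
+]
+},
 {
 "id": "ai_application_security",
 "name": "AI Application Security",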
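Review bot: `"children": [{` under `storage_misconfigurations` puts the first object's opening brace on the same line as the array bracket, unlike every other `children` array in this hunk, which opens `[` and then `{` on its own line; change it to `"children": [` followed by `{` on the next line so the file stays consistently formatted (it is valid JSON either way, and running the file through `jq .` or `python -m json.tool` before committing would normalise it). The new category is inserted at the head of `content`, ahead of `ai_application_security`, and every `id` must be unique across the whole taxonomy; I cannot confirm from this hunk that none of the new variant ids (for instance `insecure_api_endpoints` or `disabled_or_insufficient_logging`) collides with an entry further down the file, so a uniqueness check in CI would be worth having if one does not already exist. The context line shows `release_date` left at `2025-06-23T00:00:00+00:00`; if this interim branch is published as a release, that date (and any version field elsewhere in the metadata block) should be bumped in the same change.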
