From 5c6a566a5ab5e43f670c3ecccbdfa35a4f3fc4d5 Mon Sep 17 00:00:00 2001 From: TimmyBc Date: Mon, 23 Jun 2025 21:38:47 +0200 Subject: [PATCH 1/3] Admin Portal Expansion Add: Server Security Misconfiguration - Exposed Portal - Protected - P5 Server Security Misconfiguration - Exposed Portal - Admin Portal - P1 Server Security Misconfiguration - Exposed Portal - Non-Admin Portal - P3 Remove: Server Security Misconfiguration - Exposed Admin Portal - To Internet - P3 --- mappings/cvss_v3/cvss_v3.json | 17 ++++++++++++++++ .../remediation_advice.json | 12 +++++------ vulnerability-rating-taxonomy.json | 20 +++++++++++++++---- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json index 492dfb3..d016e90 100644 --- a/mappings/cvss_v3/cvss_v3.json +++ b/mappings/cvss_v3/cvss_v3.json @@ -1039,6 +1039,23 @@ } ] }, + { + "id": "exposed_portal", + "children": [ + { + "id": "protected", + "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" + }, + { + "id": "admin_portal", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + { + "id": "non_admin_portal", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + } + ] + }, { "id": "clickjacking", "children": [ diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json index 24ba0d5..b96a887 100644 --- a/mappings/remediation_advice/remediation_advice.json +++ b/mappings/remediation_advice/remediation_advice.json @@ -1410,14 +1410,12 @@ ] }, { - "id": "exposed_admin_portal", - "children": [ - { - "id": "to_internet", - "remediation_advice": "As a best practice, consider restricting admin portal access to internal users only." - } + "id": "exposed_portal", + "remediation_advice": "Implement network-level access controls and authentication gateways to prevent unauthorized access to exposed portals, regardless of privilege level.", + "references": [ + "https://nordlayer.com/learn/access-control/best-practices-and-implementation/" ] - }, + }, { "id": "fingerprinting_banner_disclosure", "remediation_advice": "As a best practice, do not expose the specific software version." diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json index 73873d5..1530e81 100644 --- a/vulnerability-rating-taxonomy.json +++ b/vulnerability-rating-taxonomy.json @@ -2384,15 +2384,27 @@ "priority": 5 }, { - "id": "exposed_admin_portal", - "name": "Exposed Admin Portal", + "id": "exposed_portal", + "name": "Exposed Portal", "type": "subcategory", "children": [ { - "id": "to_internet", - "name": "To Internet", + "id": "protected", + "name": "Protected", "type": "variant", "priority": 5 + }, + { + "id": "admin_portal", + "name": "Admin Portal", + "type": "variant", + "priority": 1 + }, + { + "id": "non_admin_portal", + "name": "Non-Admin Portal", + "type": "variant", + "priority": 3 } ] }, From 3e0c017080f8b8060115aa001495447d02cb3109 Mon Sep 17 00:00:00 2001 From: TimmyBc Date: Thu, 3 Jul 2025 16:47:25 +0200 Subject: [PATCH 2/3] Indicators of Attack Adding Indicators of Attack based on this: #466 issue. --- mappings/cvss_v3/cvss_v3.json | 4 ++++ mappings/cwe/cwe.json | 4 ++++ mappings/remediation_advice/remediation_advice.json | 4 ++++ vulnerability-rating-taxonomy.json | 6 ++++++ 4 files changed, 18 insertions(+) diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json index d016e90..f7a81bc 100644 --- a/mappings/cvss_v3/cvss_v3.json +++ b/mappings/cvss_v3/cvss_v3.json @@ -718,6 +718,10 @@ "id": "indicators_of_compromise", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, + { + "id": "indicators_of_attack", + "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" + }, { "id": "insecure_data_storage", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json index 395db0c..fa773cc 100644 --- a/mappings/cwe/cwe.json +++ b/mappings/cwe/cwe.json @@ -496,6 +496,10 @@ "id": "indicators_of_compromise", "cwe": null }, + { + "id": "indicators_of_attack", + "cwe": null + }, { "id": "insecure_data_storage", "cwe": [ diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json index b96a887..d8d74f3 100644 --- a/mappings/remediation_advice/remediation_advice.json +++ b/mappings/remediation_advice/remediation_advice.json @@ -893,6 +893,10 @@ "id": "indicators_of_compromise", "remediation_advice": "" }, + { + "id": "indicators_of_attack", + "remediation_advice": "" + }, { "id": "insecure_data_storage", "remediation_advice": "Consider encrypting data for storage, using the strongest encryption algorithms such as AES with a minimum of a 256-bit key size.", diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json index 1530e81..a692a32 100644 --- a/vulnerability-rating-taxonomy.json +++ b/vulnerability-rating-taxonomy.json @@ -1484,6 +1484,12 @@ "type": "category", "priority": null }, + { + "id": "indicators_of_attack", + "name": "Indicators of Attack", + "type": "category", + "priority": null + }, { "id": "insecure_data_storage", "name": "Insecure Data Storage", From 09c780082f7d240cd59d993d2329336ca30cc035 Mon Sep 17 00:00:00 2001 From: TimmyBc Date: Mon, 21 Jul 2025 20:47:18 +0200 Subject: [PATCH 3/3] Revert "Indicators of Attack" This reverts commit 3e0c017080f8b8060115aa001495447d02cb3109. --- mappings/cvss_v3/cvss_v3.json | 4 ---- mappings/cwe/cwe.json | 4 ---- mappings/remediation_advice/remediation_advice.json | 4 ---- vulnerability-rating-taxonomy.json | 6 ------ 4 files changed, 18 deletions(-) diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json index f7a81bc..d016e90 100644 --- a/mappings/cvss_v3/cvss_v3.json +++ b/mappings/cvss_v3/cvss_v3.json @@ -718,10 +718,6 @@ "id": "indicators_of_compromise", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, - { - "id": "indicators_of_attack", - "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" - }, { "id": "insecure_data_storage", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json index fa773cc..395db0c 100644 --- a/mappings/cwe/cwe.json +++ b/mappings/cwe/cwe.json @@ -496,10 +496,6 @@ "id": "indicators_of_compromise", "cwe": null }, - { - "id": "indicators_of_attack", - "cwe": null - }, { "id": "insecure_data_storage", "cwe": [ diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json index d8d74f3..b96a887 100644 --- a/mappings/remediation_advice/remediation_advice.json +++ b/mappings/remediation_advice/remediation_advice.json @@ -893,10 +893,6 @@ "id": "indicators_of_compromise", "remediation_advice": "" }, - { - "id": "indicators_of_attack", - "remediation_advice": "" - }, { "id": "insecure_data_storage", "remediation_advice": "Consider encrypting data for storage, using the strongest encryption algorithms such as AES with a minimum of a 256-bit key size.", diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json index a692a32..1530e81 100644 --- a/vulnerability-rating-taxonomy.json +++ b/vulnerability-rating-taxonomy.json @@ -1484,12 +1484,6 @@ "type": "category", "priority": null }, - { - "id": "indicators_of_attack", - "name": "Indicators of Attack", - "type": "category", - "priority": null - }, { "id": "insecure_data_storage", "name": "Insecure Data Storage",