Skip to content

Releases: bugcrowd/vulnerability-rating-taxonomy

v1.5

13 Sep 17:14
@barnett barnett
v1.5
6315eff
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5

Added

  • unvalidated_redirects_and_forwards.open_redirect.flash_based
  • cross_site_scripting_xss.flash_based
  • server_side_injection.content_spoofing.flash_based_external_authentication_injection
  • broken_authentication_and_session_management.session_fixation.remote_attack_vector
  • broken_authentication_and_session_management.session_fixation.local_attack_vector
  • broken_authentication_and_session_management.cleartext_transmission_of_session_token
  • broken_access_control.server_side_request_forgery_ssrf.dns_query_only
  • mobile_security_misconfiguration.clipboard_enabled
  • mobile_security_misconfiguration.clipboard_enabled.on_sensitive_content
  • mobile_security_misconfiguration.clipboard_enabled.on_non_sensitive_content
  • server_security_misconfiguration.waf_bypass.direct_server_access
  • broken_authentication_and_session_management.two_fa_bypass
  • server_security_misconfiguration.no_rate_limiting_on_form.sms_triggering
  • server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain
  • server_security_misconfiguration.insecure_ssl.certificate_error
  • cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation
  • cross_site_scripting_xss.stored.privileged_user_to_no_privilege_elevation
  • server_security_misconfiguration.clickjacking.form_input
  • server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover
  • server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover
  • server_security_misconfiguration.captcha
  • server_security_misconfiguration.captcha.missing
  • cross_site_request_forgery_csrf.csrf_token_not_unique_per_request

Removed

  • server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain
  • server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration
  • cross_site_scripting_xss.stored.admin_to_anyone
  • server_security_misconfiguration.misconfigured_dns.subdomain_takeover
  • server_security_misconfiguration.captcha_bypass

Changed

  • broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change updated remediation advice
  • CWE mapping default changed from [CWE-2000] to null
  • Updated python version to 3.6
  • cross_site_scripting_xss.stored.non_admin_to_anyone name changed from "Non-Admin to Anyone" to "Non-Privileged User to Anyone"
  • server_security_misconfiguration.clickjacking.sensitive_action name changed from "Sensitive Action" to "Sensitive Click-Based Action"
  • server_security_misconfiguration.captcha_bypass.implementation_vulnerability moved via subcategory change to server_security_misconfiguration.captcha.implementation_vulnerability
  • server_security_misconfiguration.captcha_bypass.brute_force moved via subcategory change to server_security_misconfiguration.captcha.brute_force
Assets 2

v1.4

13 Apr 21:50
@barnett barnett
v1.4
71f76e8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4

Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.4

Added

  • insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_login
  • server_side_injection.content_spoofing.rtlo
  • mapping of VRT to CWE
  • server_security_misconfiguration.dbms_misconfiguration.excessively_privileged_user_dba
  • cross_site_scripting_xss.stored.url_based
  • server_security_misconfiguration.oauth_misconfiguration.insecure_redirect_uri
  • server_security_misconfiguration.oauth_misconfiguration.account_takeover
  • client_side_injection.binary_planting.non_default_folder_privilege_escalation
  • broken_authentication_and_session_management.weak_login_function.not_operational
  • broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative
  • broken_authentication_and_session_management.weak_login_function.lan_only
  • broken_authentication_and_session_management.weak_login_function.http_and_https_available
  • broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default
  • cross_site_scripting_xss.ie_only.ie11
  • cross_site_scripting_xss.ie_only.older_version_ie11
  • broken_authentication_and_session_management.failure_to_invalidate_session.on_logout_server_side_only
  • sensitive_data_exposure.sensitive_token_in_url.user_facing
  • sensitive_data_exposure.sensitive_token_in_url.in_the_background
  • sensitive_data_exposure.sensitive_token_in_url.on_password_reset
  • mapping of VRT to Remediation Advice

Removed

  • server_side_injection.sql_injection.error_based
  • server_side_injection.sql_injection.blind
  • broken_authentication_and_session_management.weak_login_function.over_http
  • cross_site_scripting_xss.ie_only.older_version_ie_10_11
  • cross_site_scripting_xss.ie_only.older_version_ie10
  • broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset
  • network_security_misconfiguration.telnet_enabled.credentials_required
  • server_security_misconfiguration.using_default_credentials.production_server
  • server_security_misconfiguration.using_default_credentials.staging_development_server

Changed

  • Use unittest for vrt validations
  • broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions name changed from "All Sessions" to "Concurrent Sessions On Logout"
  • server_security_misconfiguration.oauth_misconfiguration.missing_state_parameter name changed from "Missing State Parameter" to "Missing/Broken State Parameter"
  • server_security_misconfiguration.oauth_misconfiguration.missing_state_parameter priority changed from P4 to null
  • server_security_misconfiguration.no_rate_limiting_on_form.login priority changed from P3 to P4
  • client_side_injection.binary_planting.privilege_escalation name changed from "Privilege Escalation" to "Default Folder Privilege Escalation" priority changed from P4 to P3
  • server_security_misconfiguration.lack_of_password_confirmation.change_email_address priority changed from P4 to P5
  • server_security_misconfiguration.lack_of_password_confirmation.change_password priority changed from P4 to P5
  • server_security_misconfiguration.unsafe_file_upload.no_antivirus priority changed from P4 to P5
  • server_security_misconfiguration.unsafe_file_upload.no_size_limit priority changed from P4 to P5
  • broken_authentication_and_session_management.failure_to_invalidate_session.on_logout name changed from "On Logout" to "On Logout (Client and Server-Side)"
  • broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change name changed from "On Password Change" to "On Password Reset and/or Change"
  • network_security_misconfiguration.telnet_enabled priority changed from null to P5 (due to children removal)
  • server_security_misconfiguration.using_default_credentials priority changed from null to P1 (due to children removal)
Assets 2

v1.3.1

01 Nov 00:02
@tessereth tessereth
v1.3.1
c9cd244
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.1

Changed

  • references to the invalid insufficient_security_configurability.weak_password_policy.no_password_policy updated to insufficient_security_configurability.no_password_policy
Assets 2

v1.3

23 Sep 15:21
@barnett barnett
v1.3
4c06014
Compare
Choose a tag to compare
v1.3

Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.3

Added

  • insecure_data_transport.cleartext_transmission_of_sensitive_data
  • broken_access_control
  • broken_access_control.idor
  • mobile_security_misconfiguration.tapjacking
  • server_security_misconfiguration.misconfigured_dns.missing_caa_record
  • mapping of VRT to CVSS V3
  • server_security_misconfiguration.bitsquatting

Removed

  • missing_function_level_access_control
  • insecure_direct_object_references_idor

Changed

  • missing_function_level_access_control.server_side_request_forgery_ssrf moved via category change to broken_access_control.server_side_request_forgery_ssrf
  • missing_function_level_access_control.server_side_request_forgery_ssrf.internal moved via category change to broken_access_control.server_side_request_forgery_ssrf.internal
  • missing_function_level_access_control.server_side_request_forgery_ssrf.external moved via category change to broken_access_control.server_side_request_forgery_ssrf.external
  • missing_function_level_access_control.username_enumeration moved via category change to broken_access_control.username_enumeration
  • missing_function_level_access_control.username_enumeration.data_leak moved via category change to broken_access_control.username_enumeration.data_leak
  • missing_function_level_access_control.exposed_sensitive_android_intent moved via category change to broken_access_control.exposed_sensitive_android_intent
  • missing_function_level_access_control.exposed_sensitive_ios_url_scheme moved via category change to broken_access_control.exposed_sensitive_ios_url_scheme
  • cross_site_request_forgery_csrf.application_wide name changed from Applicaton-Wide to Application-Wide
Assets 2

v1.2

04 Aug 19:49
@barnett barnett
v1.2
7e3ea03
Compare
Choose a tag to compare
v1.2

Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.2

Added

  • sensitive_data_exposure.visible_detailed_error_page.descriptive_stack_trace
  • sensitive_data_exposure.visible_detailed_error_page.detailed_server_configuration
  • unvalidated_redirects_and_forwards.open_redirect.get_based
  • sensitive_data_exposure.internal_ip_disclosure
  • sensitive_data_exposure.visible_detailed_error_page.full_path_disclosure
  • server_security_misconfiguration.cookie_scoped_to_parent_domain
  • client_side_injection.binary_planting
  • client_side_injection.binary_planting.privilege_escalation
  • client_side_injection.binary_planting.no_privilege_escalation
  • sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party
  • sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party
  • server_security_misconfiguration.fingerprinting_banner_disclosure
  • server_security_misconfiguration.lack_of_password_confirmation.manage_two_fa
  • sensitive_data_exposure.json_hijacking
  • cross_site_request_forgery_csrf.action_specific.logout
  • broken_authentication_and_session_management.privilege_escalation
  • insecure_data_transport.executable_download
  • insecure_data_transport.executable_download.no_secure_integrity_check
  • insecure_data_transport.executable_download.secure_integrity_check
  • server_security_misconfiguration.rfd
  • sensitive_data_exposure.xssi
  • server_security_misconfiguration.misconfigured_dns.zone_transfer
  • insufficient_security_configurability.weak_password_policy.no_password_policy
  • insecure_data_storage.server_side_credentials_storage
  • insecure_data_storage.server_side_credentials_storage.plaintext

Removed

  • unvalidated_redirects_and_forwards.open_redirect.get_based_all_users
  • unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated
  • unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated
  • sensitive_data_exposure.token_leakage_via_referer.over_https
  • sensitive_data_exposure.mixed_content.sensitive_data_disclosure
  • sensitive_data_exposure.mixed_content.requires_being_a_man_in_the_middle
  • broken_authentication_and_session_management.session_token_in_url
  • broken_authentication_and_session_management.session_token_in_url.over_http
  • broken_authentication_and_session_management.session_token_in_url.over_https
  • broken_authentication_and_session_management.authentication_bypass.vertical
  • broken_authentication_and_session_management.authentication_bypass.horizontal
  • insecure_data_storage.credentials_stored_unencrypted
  • insecure_data_storage.credentials_stored_unencrypted.on_external_storage
  • insecure_data_storage.credentials_stored_unencrypted.on_internal_storage
  • insecure_data_storage.insecure_data_storage
  • insecure_data_storage.insecure_data_storage.password
  • insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced
  • insufficient_security_configurability.weak_password_policy.complexity_length_not_enforced
  • insufficient_security_configurability.weak_password_policy.complexity_char_type_not_enforced
  • insufficient_security_configurability.weak_password_policy.allows_reuse_of_old_passwords
  • insufficient_security_configurability.weak_password_policy.allows_password_to_be_same_as_email_username

Changed

  • sensitive_data_exposure.visible_detailed_error_page name changed from 'Visible Detailed Error Page' to 'Visible Detailed Error/Debug Page'
  • server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc name changed from 'Missing DMARC' to 'Missing DKIM/DMARC'
  • insecure_data_transport.ssl_certificate_pinning moved via category change to mobile_security_misconfiguration.ssl_certificate_pinning
  • insecure_data_transport.ssl_certificate_pinning.absent moved via category change to mobile_security_misconfiguration.ssl_certificate_pinning.absent
  • insecure_data_transport.ssl_certificate_pinning.defeatable moved via category change to mobile_security_misconfiguration.ssl_certificate_pinning.defeatable
  • sensitive_data_exposure.mixed_content name changed from 'Mixed Content' to 'Mixed Content (HTTPS Sourcing HTTP)'
  • sensitive_data_exposure.mixed_content priority changed from null to P5 (due to children removal)
  • broken_authentication_and_session_management.authentication_bypass priority changed from null to P1 (due to children removal)
  • insufficient_security_configurability.weak_password_policy priority changed from null to P5 (due to children removal)
Assets 2

v1.1

21 Jul 22:47
@barnett barnett
v1.1
8ab96c7
Compare
Choose a tag to compare
v1.1

Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.1

Added

  • directory_listing_enabled
  • directory_listing_enabled.sensitive_data_exposure
  • directory_listing_enabled.non_sensitive_data_exposure
  • server_security_misconfiguration.path_traversal
  • cross_site_scripting_xss.reflected.self
  • cross_site_scripting_xss.reflected.non_self
  • cross_site_request_forgery_csrf.application_wide
  • cross_site_request_forgery_csrf.application_specific
  • cross_site_request_forgery_csrf.authenticated_action
  • cross_site_request_forgery_csrf.unauthenticated_action

Removed

  • poor_physical_security
  • social_engineering

Changed

  • cross_site_scripting_xss.cookie_based priority changed from P4 to P5
Assets 2

v1.0

14 Apr 00:00
@barnett barnett
v1.0
d0c7e59
This commit was signed with the committer’s verified signature.
barnett Barnett Klane
GPG key ID: 5F8EFFADD6DB3F68
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0

Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.0

Assets 2