deprecated-node-mapping.json
{
"poor_physical_security": {
"1.1": "other"
},
"social_engineering": {
"1.1": "other"
},
"unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
},
"unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
},
"unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
"1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
},
"broken_authentication_and_session_management.session_token_in_url.over_https": {
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
},
"broken_authentication_and_session_management.session_token_in_url.over_http": {
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
},
"broken_authentication_and_session_management.session_token_in_url": {
"1.2": "sensitive_data_exposure.sensitive_token_in_url"
},
"insecure_data_transport": {
"1.2": "mobile_security_misconfiguration"
},
"insecure_data_transport.ssl_certificate_pinning": {
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
},
"insecure_data_transport.ssl_certificate_pinning.absent": {
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
},
"insecure_data_transport.ssl_certificate_pinning.defeatable": {
"1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
},
"insecure_data_storage.credentials_stored_unencrypted": {
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
},
"insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
},
"insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
"1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
},
"insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
"1.2": "insufficient_security_configurability.no_password_policy"
},
"missing_function_level_access_control": {
"1.3": "broken_access_control"
},
"missing_function_level_access_control.server_side_request_forgery_ssrf": {
"1.3": "broken_access_control.server_side_request_forgery_ssrf"
},
"missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
"1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
},
"missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
"1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
},
"missing_function_level_access_control.username_enumeration": {
"1.3": "broken_access_control.username_enumeration"
},
"missing_function_level_access_control.username_enumeration.data_leak": {
"1.3": "broken_access_control.username_enumeration.data_leak"
},
"missing_function_level_access_control.exposed_sensitive_android_intent": {
"1.3": "broken_access_control.exposed_sensitive_android_intent"
},
"missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
"1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
},
"insecure_direct_object_references_idor": {
"1.3": "broken_access_control.idor"
},
"broken_authentication_and_session_management.weak_login_function.over_http": {
"1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
},
"cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
"1.4": "cross_site_scripting_xss.ie_only.ie11"
},
"cross_site_scripting_xss.ie_only.older_version_ie10": {
"1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
},
"broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
"1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
},
"network_security_misconfiguration.telnet_enabled.credentials_required": {
"1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
},
"server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
"1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
},
"server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
"1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
},
"cross_site_scripting_xss.stored.admin_to_anyone": {
"1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
},
"server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
"1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
},
"server_security_misconfiguration.captcha_bypass": {
"1.5": "server_security_misconfiguration.captcha"
},
"server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
"1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
},
"server_security_misconfiguration.captcha_bypass.brute_force": {
"1.5": "server_security_misconfiguration.captcha.brute_force"
},
"broken_access_control.server_side_request_forgery_ssrf.internal": {
"1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact"
},
"server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": {
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain"
},
"server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": {
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
},
"server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": {
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
},
"server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": {
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
},
"server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": {
"1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain"
},
"broken_access_control.username_enumeration.data_leak": {
"1.7": "broken_access_control.username_enumeration.non_brute_force"
},
"insufficient_security_configurability.weak_2fa_implementation": {
"1.7": "insufficient_security_configurability.weak_two_fa_implementation"
},
"sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": {
"1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party"
},
"sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": {
"1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party"
},
"cross_site_scripting_xss.ie_only.ie11": {
"1.7": "cross_site_scripting_xss.ie_only.ie_eleven"
},
"cross_site_scripting_xss.ie_only.older_version_ie11": {
"1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven"
},
"sensitive_data_exposure.critically_sensitive_data.password_disclosure": {
"1.9": "sensitive_data_exposure.disclosure_of_secrets"
},
"sensitive_data_exposure.critically_sensitive_data.private_api_keys": {
"1.9": "sensitive_data_exposure.disclosure_of_secrets"
},
"sensitive_data_exposure.critically_sensitive_data": {
"1.9": "sensitive_data_exposure"
},
"insufficient_security_configurability.lack_of_verification_email": {
"1.10": "insufficient_security_configurability.verification_of_contact_method_not_required"
},
"broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default": {
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
},
"broken_authentication_and_session_management.weak_login_function.http_and_https_available": {
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
},
"broken_authentication_and_session_management.weak_login_function.lan_only": {
"1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
},
"cross_site_request_forgery_csrf.flash_based.high_impact": {
"1.10": "cross_site_request_forgery_csrf.flash_based"
},
"cross_site_request_forgery_csrf.flash_based.low_impact": {
"1.10": "cross_site_request_forgery_csrf.flash_based"
},
"automotive_security_misconfiguration.infotainment": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit"
},
"automotive_security_misconfiguration.infotainment.pii_leakage": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage"
},
"automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot"
},
"automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot"
},
"automotive_security_misconfiguration.infotainment.unauthorized_access_to_services": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services"
},
"automotive_security_misconfiguration.infotainment.source_code_dump": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump"
},
"automotive_security_misconfiguration.infotainment.dos_brick": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick"
},
"automotive_security_misconfiguration.infotainment.default_credentials": {
"1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials"
},
"broken_cryptography": {
"1.11": "other"
},
"broken_cryptography.cryptographic_flaw": {
"1.11": "other"
},
"broken_cryptography.cryptographic_flaw.incorrect_usage": {
"1.11": "other"
},
"cross_site_scripting_xss.ie_only.ie_eleven": {
"1.11": "other"
},
"cross_site_scripting_xss.ie_only.older_version_ie_eleven": {
"1.11": "cross_site_scripting_xss.ie_only"
},
"cross_site_scripting_xss.ie_only.xss_filter_disabled": {
"1.11": "other"
},
"automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": {
"1.11": "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure"
},
"broken_access_control.server_side_request_forgery_ssrf": {
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf"
},
"broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": {
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact"
},
"broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": {
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact"
},
"broken_access_control.server_side_request_forgery_ssrf.dns_query_only": {
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only"
},
"broken_access_control.server_side_request_forgery_ssrf.external": {
"1.11": "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact"
}
}