Skip to content

Updating documentation for 5.1.1 #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Updating documentation for 5.1.1 #393

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0dc774b
update schema docs for CPE
zmanion Mar 3, 2025
7123972
more correct update using docs.sh
zmanion Mar 3, 2025
934c7af
v5.1.0 archive
zmanion Mar 4, 2025
8e0b1fc
update URL in schema description
zmanion Mar 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion schema/CVE_Record_Format.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://cveproject.github.io/cve-schema/schema/CVE_Record_Format.json",
"title": "CVE JSON record format",
"description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).",
"description": "cve-schema specifies the CVE JSON Record Format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE Program at [the official website](https://www.cve.org). This CVE JSON Record Format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).",
"definitions": {
"uriType": {
"description": "A universal resource identifier (URI), according to [RFC 3986](https://tools.ietf.org/html/rfc3986).",
Expand Down
1,338 changes: 1,338 additions & 0 deletions schema/archive/v5.1.0/CVE_Record_Format.json
View file
Open in desktop

Large diffs are not rendered by default.

3,521 changes: 3,521 additions & 0 deletions schema/archive/v5.1.0/docs/CVE_Record_Format_bundled.json
View file
Open in desktop

Large diffs are not rendered by default.

3,445 changes: 3,445 additions & 0 deletions schema/archive/v5.1.0/docs/CVE_Record_Format_bundled_adpContainer.json
View file
Open in desktop

Large diffs are not rendered by default.

3,445 changes: 3,445 additions & 0 deletions schema/archive/v5.1.0/docs/CVE_Record_Format_bundled_cnaPublishedContainer.json
View file
Open in desktop

Large diffs are not rendered by default.

3,445 changes: 3,445 additions & 0 deletions schema/archive/v5.1.0/docs/CVE_Record_Format_bundled_cnaRejectedContainer.json
View file
Open in desktop

Large diffs are not rendered by default.

345 changes: 345 additions & 0 deletions schema/archive/v5.1.0/docs/cnaContainer-advanced-example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,345 @@
{
"cnaContainer": {
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"title": "Buffer overflow in Example Enterprise allows Privilege Escalation.",
"datePublic": "2021-09-08T16:24:00.000Z",
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"type": "CWE"
}
]
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"affected": [
{
"vendor": "Example.org",
"product": "Example Enterprise",
"platforms": [
"Windows",
"MacOS",
"XT-4500"
],
"collectionURL": "https://example.org/packages",
"packageName": "example_enterprise",
"repo": "git://example.org/source/example_enterprise",
"modules": [
"Web-Management-Interface"
],
"programFiles": [
"example_enterprise/example.php"
],
"programRoutines": [
{
"name": "parseFilename"
}
],
"versions": [
{
"version": "1.0.0",
"status": "affected",
"lessThan": "1.0.6",
"versionType": "semver"
},
{
"version": "2.1.0",
"status": "unaffected",
"lessThan": "2.1.*",
"changes": [
{
"at": "2.1.6",
"status": "affected"
},
{
"at": "2.1.9",
"status": "unaffected"
}
],
"versionType": "semver"
},
{
"version": "3.0.0",
"status": "unaffected",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
],
"cpeApplicability": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.0.6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.1.6",
"versionEndExcluding": "2.1.9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:some_company:xt-4500:*:*:*:*:*:*:*:*"
}
]
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.1.6 until 2.1.9.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "OS Command Injection vulnerability <tt>parseFilename</tt> function of <tt>example.php</tt> in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.<br><br>This issue affects:<br><ul><li>1.0 versions before 1.0.6</li><li>2.1 versions from 2.1.6 until 2.1.9.</li></ul>"
}
]
},
{
"lang": "eo",
"value": "OS-komand-injekta vundebleco parseFilename funkcio de example.php en la Web Administrado-Interfaco de Example.org Example Enterprise \u0109e Windows, macOS kaj XT-4500 permesas al malproksimaj nea\u016dtentikigitaj atakantoj eskaladi privilegiojn. \u0108i tiu afero efikas: 1.0-versioj anta\u016d 1.0.6, 2.1-versioj de 2.1.6 \u011dis 2.1.9.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "OS-komand-injekta vundebleco <tt>parseFilename</tt> funkcio de <tt>example.php</tt> en la Web Administrado-Interfaco de Example.org Example Enterprise \u0109e Windows, macOS kaj XT-4500 permesas al malproksimaj nea\u016dtentikigitaj atakantoj eskaladi privilegiojn.<br><br> \u0108i tiu afero efikas:<br><ul><li>1.0-versioj anta\u016d 1.0.6</li><li>2.1-versioj de 2.1.6 \u011dis 2.1.9.</li></ul>"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV4_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L",
"version": "4.0"
},
"cvssV3_1": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
},
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "If the enhanced host protection mode is turned on, this vulnerability can only be exploited to run os commands as user 'nobody'. Privilege escalation is not possible."
}
],
"cvssV3_1": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "This issue is fixed in 1.0.6, 2.1.9, and 3.0.0 and all later versions."
}
]
}
],
"workarounds": [
{
"lang": "en",
"value": "Disable the web management interface with the command\n> service disable webmgmt",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Disable the web management interface with the command<br><pre>&gt; <b>service disable webmgmt</b></pre>"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Web management interface should be enabled.<br><pre>&gt; <b>service status webmgmt</b><br>webmgmt running</pre>"
}
]
}
],
"exploits": [
{
"lang": "en",
"value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available."
}
]
}
],
"timeline": [
{
"time": "2001-09-01T07:31:00.000Z",
"lang": "en",
"value": "Issue discovered by Alice using Acme Autofuzz"
},
{
"time": "2021-09-02T16:36:00.000Z",
"lang": "en",
"value": "Confirmed by Bob"
},
{
"time": "2021-09-07T16:37:00.000Z",
"lang": "en",
"value": "Fixes released"
}
],
"credits": [
{
"lang": "en",
"value": "Alice",
"type": "finder"
},
{
"lang": "en",
"value": "Bob",
"type": "analyst"
},
{
"lang": "en",
"value": "Acme Autofuzz",
"type": "tool"
}
],
"references": [
{
"url": "https://example.org/ESA-22-11-CVE-1900-1234",
"name": "ESA-22-11",
"tags": [
"vendor-advisory"
]
},
{
"url": "https://example.com/blog/alice/pwning_example_enterprise",
"name": "Pwning Example Enterprise",
"tags": [
"technical-description",
"third-party-advisory"
]
},
{
"url": "https://example.org/bugs/EXAMPLE-1234",
"name": "EXAMPLE-1234",
"tags": [
"issue-tracking"
]
},
{
"url": "https://example.org/ExampleEnterprise",
"tags": [
"product"
]
}
],
"source": {
"defects": [
"EXAMPLE-1234"
],
"advisory": "ESA-22-11",
"discovery": "EXTERNAL"
},
"taxonomyMappings": [
{
"taxonomyName": "ATT&CK",
"taxonomyVersion": "v9",
"taxonomyRelations": [
{
"taxonomyId": "T1190",
"relationshipName": "mitigated by",
"relationshipValue": "M1048"
}
]
}
]
}
}
43 changes: 43 additions & 0 deletions schema/archive/v5.1.0/docs/cnaContainer-basic-example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
{
"cnaContainer": {
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-78 OS Command Injection"
}
]
}
],
"affected": [
{
"vendor": "Example.org",
"product": "Example Enterprise",
"versions": [
{
"version": "1.0.0",
"status": "affected",
"lessThan": "1.0.6",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, MacOS and XT-4500 allows remote unauthenticated attackers to escalate privileges.\n\nThis issue affects:\n * 1.0 versions before 1.0.6\n * 2.1 versions from 2.16 until 2.1.9."
}
],
"references": [
{
"url": "https://example.org/ESA-22-11-CVE-1900-1234"
}
]
}
}
Loading