diff --git a/CHANGELOG.md b/CHANGELOG.md index 24ca7d9..0cb541b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,21 +1,43 @@ # Change Log + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/) ## [Unreleased] + ### Added ### Removed ### Changed +## [v1.14.2](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.14.1...v1.14.2) - 2024-10-25 + +### Removed + +- Server Security Misconfiguration - Misconfigured DNS - High Impact Subdomain Takeover - P2 + +### Changed + +FROM: + +- Server Security Misconfiguration - Misconfigured DNS - Basic Subdomain Takeover - P3 + +TO: + +- Server Security Misconfiguration - Misconfigured DNS - Subdomain Takeover - P3 + ## [v1.14.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.14...v1.14.1) - 2024-07-18 + ### Changed + - `vulnerability-rating-taxononomy.json` correction ## [v1.14](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.13...v1.14) - 2024-07-09 + ### Added + - Server Security Misconfiguration - Email verification bypass - P5 - Server Security Misconfiguration - Missing Subresource Integrity - P5 - Sensitive Data Exposure - Token Leakage via Referer - Password Reset Token - P5 @@ -31,10 +53,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - Developer Biases - Implicit Bias - VARIES ### Removed + - Broken Authentication and Session Management - Privilege Escalation - VARIES ## [v1.13](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.12...v1.13) - 2024-04-02 + ### Added + - Physical Security Issues - Bypass of physical access control - VARIES - Physical Security Issues - Weakness in physical access control - Clonable Key - VARIES - Physical Security Issues - Weakness in physical access control - Master Key Identification - VARIES 
@@ -54,7 +79,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - Insecure OS/Firmware - Data not encrypted at rest - Non sensitive - P5 ## [v1.12](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.11...v1.12) - 2023-12-18 + ### Added + - Application Level DoS - Excessive Resource Consumption - Injection (Prompt) - VARIES - AI Application Security - Large Language Model (LLM) Security - Prompt Injection - P1 - AI Application Security - Large Language Model (LLM) Security - LLM Output Handling - P1 @@ -62,7 +89,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation - P2 ## [v1.11](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.10...v1.11) - 2023-11-20 + ### Added + - Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure: VARIES - Server-Side Injection - Content Spoofing - HTML Content Injection: P5 - Broken Authentication and Session Management - Failure to invalidate session - Permission change: VARIES 
@@ -71,7 +100,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - Cryptographic Weakness - Insufficient Entropy - Limited Random Number Generator (RNG) Entropy Source: P4 - Cryptographic Weakness - Insufficient_Entropy - Use of True Random Number Generator (TRNG) for Non-Security Purpose: P5 - Cryptographic Weakness - Insufficient_Entropy - Pseudo-Random Number Generator (PRNG) Seed Reuse: P5 -- Cryptographic Weakness - Insufficient_Entropy - Predictable Pseudo-Random Number Generator (PRNG) Seed: P4 +- Cryptographic Weakness - Insufficient_Entropy - Predictable Pseudo-Random Number Generator (PRNG) Seed: P4 - Cryptographic Weakness - Insufficient_Entropy - Small Seed Space in Pseudo-Random Number Generator (PRNG): P4 - Cryptographic Weakness - Insufficient_Entropy - Initialization Vector (IV) Reuse: P5 - Cryptographic Weakness - Insufficient_Entropy - Predictable Initialization Vector (IV): P4 
@@ -106,40 +135,53 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p - Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information (PII)/Iterable Object Identifier: P1 ### Changed -FROM: + +FROM: + - Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11): P5 -TO: +TO: + - Cross-Site Scripting (XSS) - IE-Only: P5 FROM: + - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal High Impact: P2 - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3 - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - External: P4 - Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) - DNS Query Only : P5 TO: + - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal High Impact: P2 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal Scan and/or Medium Impact: P3 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - Low impact: P5 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - External - DNS Query Only: P5 FROM: + - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage: P1 TO: + - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure: P1 + ### Removed + - Cross-Site Scripting (XSS) - IE-Only - IE11: P4 - Cross-Site Scripting (XSS) - XSS Filter Disabled: P5 - Broken Cryptography - Cryptographic Flaw - Incorrect Usage: P1 ## [v1.10.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.10...v1.10.1) - 2021-03-29 + ### Changed + - renamed `secure code warriors` mapping to `secure code warrior` ## [v1.10](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.9...v1.10) - 2021-03-18 + ### Added + - 
insufficient_security_configurability.verification_of_contact_method_not_required - insufficient_security_configurability.weak_two_fa_implementation.two_fa_code_is_not_updated_after_new_code_is_requested - insufficient_security_configurability.weak_two_fa_implementation.old_two_fa_code_is_not_invalidated_after_new_code_is_generated @@ -176,6 +218,7 @@ TO: - automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials ### Removed + - insufficient_security_configurability.lack_of_verification_email - broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default - broken_authentication_and_session_management.weak_login_function.http_and_https_available 
@@ -192,14 +235,17 @@ TO: - automotive_security_misconfiguration.infotainment.default_credentials ### Changed - - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page updated remediation advice - - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page updated remediation advice - - cross_site_scripting_xss.flash_based priority changed from P4 to P5 - - cross_site_request_forgery_csrf.flash_based priority changed from null to P5 (due to children removal) - - using_components_with_known_vulnerabilities.rosetta_flash priority changed from P4 to P5 + +- server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page updated remediation advice +- server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page updated remediation advice +- cross_site_scripting_xss.flash_based priority changed from P4 to P5 +- cross_site_request_forgery_csrf.flash_based priority changed from null to P5 (due to children removal) +- using_components_with_known_vulnerabilities.rosetta_flash priority changed from P4 to P5 ## [v1.9](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.8...v1.9) - 2020-05-22 + ### Added + - sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset - sensitive_data_exposure.disclosure_of_secrets.for_internal_asset - sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse 
@@ -218,32 +264,40 @@ TO: - insufficient_security_configurability.password_policy_bypass ### Removed + - sensitive_data_exposure.critically_sensitive_data.password_disclosure - sensitive_data_exposure.critically_sensitive_data.private_api_keys - sensitive_data_exposure.critically_sensitive_data - ## [v1.8](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.7.1...v1.8) - 2019-09-25 + ### Added + - server_security_misconfiguration.race_condition - server_security_misconfiguration.cache_poisoning - indicators_of_compromise - broken_authentication_and_session_management.failure_to_invalidate_session.on_two_fa_activation_change ### Removed + - mobile_security_misconfiguration.clipboard_enabled.on_sensitive_content - mobile_security_misconfiguration.clipboard_enabled.on_non_sensitive_content ### Changed + - server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain name changed from "Email Spoofing on non-email domain" to "Email Spoofing on Non-Email Domain" - mobile_security_misconfiguration.clipboard_enabled priority changed from null to P5 (due to children removal) -## [v1.7.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.7...v1.7.1) - 2019-04-15 +## [v1.7.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.7...v1.7.1) - 2019-04-15 + ### Added + - Remediation Advice and CVSS mappings for automotive_security_misconfiguration -## [v1.7](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.6...v1.7) - 2019-03-13 +## [v1.7](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.6...v1.7) - 2019-03-13 + ### Added + - sensitive_data_exposure.weak_password_reset_implementation.token_leakage_via_host_header_poisoning - server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain - broken_access_control.username_enumeration.non_brute_force 
@@ -277,6 +331,7 @@ TO: - server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider ### Removed + - broken_access_control.username_enumeration.data_leak - insufficient_security_configurability.weak_2fa_implementation - sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party @@ -285,12 +340,15 @@ TO: - cross_site_scripting_xss.ie_only.older_version_ie11 ### Changed + - server_security_misconfiguration.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration" - broken_access_control.username_enumeration name changed from "Username Enumeration" to "Username/Email Enumeration" - updated Remediation Advice reference URLs for OWASP ## [v1.6](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.5...v1.6) - 2018-09-13 + ### Added + - broken_access_control.server_side_request_forgery_ssrf.internal_high_impact - broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact - server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain @@ -299,6 +357,7 @@ TO: - server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim ### Removed + - broken_access_control.server_side_request_forgery_ssrf.internal - server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain - server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain @@ -307,7 +366,9 @@ TO: - server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc ## [v1.5](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.4...v1.5) - 2018-09-13 + ### Added + - unvalidated_redirects_and_forwards.open_redirect.flash_based - cross_site_scripting_xss.flash_based - server_side_injection.content_spoofing.flash_based_external_authentication_injection 
@@ -333,6 +394,7 @@ TO: - cross_site_request_forgery_csrf.csrf_token_not_unique_per_request ### Removed + - server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain - server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration - cross_site_scripting_xss.stored.admin_to_anyone @@ -340,6 +402,7 @@ TO: - server_security_misconfiguration.captcha_bypass ### Changed + - broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change updated remediation advice - CWE mapping default changed from `[CWE-2000]` to `null` - Updated python version to 3.6 @@ -349,7 +412,9 @@ TO: - server_security_misconfiguration.captcha_bypass.brute_force moved via subcategory change to server_security_misconfiguration.captcha.brute_force ## [v1.4](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.3.1...v1.4) - 2018-04-13 + ### Added + - insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_login - server_side_injection.content_spoofing.rtlo - mapping of VRT to CWE @@ -372,6 +437,7 @@ TO: - mapping of VRT to Remediation Advice ### Removed + - server_side_injection.sql_injection.error_based - server_side_injection.sql_injection.blind - broken_authentication_and_session_management.weak_login_function.over_http @@ -383,6 +449,7 @@ TO: - server_security_misconfiguration.using_default_credentials.staging_development_server ### Changed + - Use unittest for vrt validations - broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions name changed from "All Sessions" to "Concurrent Sessions On Logout" - server_security_misconfiguration.oauth_misconfiguration.missing_state_parameter name changed from "Missing State Parameter" to "Missing/Broken State Parameter" 
@@ -399,11 +466,15 @@ TO: - server_security_misconfiguration.using_default_credentials priority changed from null to P1 (due to children removal) ## [v1.3.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.3...v1.3.1) - 2017-10-31 + ### Changed + - references to the invalid insufficient_security_configurability.weak_password_policy.no_password_policy updated to insufficient_security_configurability.no_password_policy ## [v1.3.0](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.2...v1.3) - 2017-09-22 + ### Added + - insecure_data_transport.cleartext_transmission_of_sensitive_data - broken_access_control - broken_access_control.idor @@ -413,10 +484,12 @@ TO: - server_security_misconfiguration.bitsquatting ### Removed + - missing_function_level_access_control - insecure_direct_object_references_idor ### Changed + - missing_function_level_access_control.server_side_request_forgery_ssrf moved via category change to broken_access_control.server_side_request_forgery_ssrf - missing_function_level_access_control.server_side_request_forgery_ssrf.internal moved via category change to broken_access_control.server_side_request_forgery_ssrf.internal - missing_function_level_access_control.server_side_request_forgery_ssrf.external moved via category change to broken_access_control.server_side_request_forgery_ssrf.external @@ -427,7 +500,9 @@ TO: - cross_site_request_forgery_csrf.application_wide name changed from Applicaton-Wide to Application-Wide ## [v1.2.0](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.1...v1.2) - 2017-08-04 + ### Added + - sensitive_data_exposure.visible_detailed_error_page.descriptive_stack_trace - sensitive_data_exposure.visible_detailed_error_page.detailed_server_configuration - unvalidated_redirects_and_forwards.open_redirect.get_based 
@@ -455,6 +530,7 @@ TO: - insecure_data_storage.server_side_credentials_storage.plaintext ### Removed + - unvalidated_redirects_and_forwards.open_redirect.get_based_all_users - unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated - unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated @@ -478,6 +554,7 @@ TO: - insufficient_security_configurability.weak_password_policy.allows_password_to_be_same_as_email_username ### Changed + - sensitive_data_exposure.visible_detailed_error_page name changed from 'Visible Detailed Error Page' to 'Visible Detailed Error/Debug Page' - server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc name changed from 'Missing DMARC' to 'Missing DKIM/DMARC' - insecure_data_transport.ssl_certificate_pinning moved via category change to mobile_security_misconfiguration.ssl_certificate_pinning @@ -489,7 +566,9 @@ TO: - insufficient_security_configurability.weak_password_policy priority changed from null to P5 (due to children removal) ## [v1.1.0](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.0...v1.1) - 2017-04-13 + ### Added + - directory_listing_enabled - directory_listing_enabled.sensitive_data_exposure - directory_listing_enabled.non_sensitive_data_exposure @@ -502,10 +581,12 @@ TO: - cross_site_request_forgery_csrf.unauthenticated_action ### Removed + - poor_physical_security - social_engineering ### Changed + - cross_site_scripting_xss.cookie_based priority changed from P4 to P5 ## [1.0.0] - 2017-03-06 diff --git a/deprecated-node-mapping.json b/deprecated-node-mapping.json index 0836eb2..e43f6f3 100644 --- a/deprecated-node-mapping.json +++ b/deprecated-node-mapping.json 
@@ -98,9 +98,6 @@
 "cross_site_scripting_xss.stored.admin_to_anyone": {
 "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
 },
- "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
- "1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
- },
 "server_security_misconfiguration.captcha_bypass": {
 "1.5": "server_security_misconfiguration.captcha"
 },
@@ -235,5 +232,11 @@
 },
 "broken_authentication_and_session_management.privilege_escalation": {
 "1.14": "broken_access_control.privilege_escalation"
+ },
+ "server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover": {
+ "1.14.1": "other"
+ },
+ "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
+ "1.14.1": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
 }
 }
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index 9e873fe..de48c50 100644
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -80,13 +80,9 @@
 "id": "misconfigured_dns",
 "children": [
 {
- "id": "basic_subdomain_takeover",
+ "id": "subdomain_takeover",
 "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
 },
- {
- "id": "high_impact_subdomain_takeover",
- "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
- },
 {
 "id": "zone_transfer",
 "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index ed1f508..4717943 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
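Review bot: In deprecated-node-mapping.json, the second hunk's new entry for `server_security_misconfiguration.misconfigured_dns.subdomain_takeover` looks inverted: the cvss_v3 and taxonomy hunks of this commit make `subdomain_takeover` the live id and remove `basic_subdomain_takeover`, yet the mapping lists the live id as deprecated and points it at the removed one. Consumers that resolve stored VRT ids through this file would then have no path from `basic_subdomain_takeover` to a current node, which may leave existing findings without a resolvable priority. I would key it the other way, `"server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover": { "1.14.2": "server_security_misconfiguration.misconfigured_dns.subdomain_takeover" }`. If the version key names the release that removed the node, as the neighbouring `"1.14"` entry suggests, the `high_impact_subdomain_takeover` entry should also use `"1.14.2"` rather than `"1.14.1"`. Mapping `high_impact_subdomain_takeover` to `"other"` instead of to `subdomain_takeover` also drops the category for former P2 reports; worth confirming that is intended.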
@@ -109,14 +109,7 @@
 "id": "misconfigured_dns",
 "children": [
 {
- "id": "basic_subdomain_takeover",
- "remediation_advice": "1. Set up your external service so it fully listens to your wildcard DNS.\n2. Keep your DNS-entries constantly vetted and restricted.",
- "references": [
- "https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/"
- ]
- },
- {
- "id": "high_impact_subdomain_takeover",
+ "id": "subdomain_takeover",
 "remediation_advice": "1. Set up your external service so it fully listens to your wildcard DNS.\n2. Keep your DNS-entries constantly vetted and restricted.",
 "references": [
 "https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/"
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
index 3c51fec..1a4b1eb 100755
--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
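Review bot: In remediation_advice.json, the merged `subdomain_takeover` entry keeps advice that never names the usual root cause, a DNS record left pointing at an external service that has since been deprovisioned. Because this hunk collapses two nodes into the single entry that every subdomain takeover report will now link to, it is a good place to add a third step such as `3. Remove or update DNS records (for example CNAMEs) as part of deprovisioning the external service they point to.` The entry's `references` array continues past the end of the hunk.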
@@ -15,8 +15,7 @@
 "server_security_misconfiguration.ssl_attack_breach_poodle_etc": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:ssl_attack_breach_poodle_etc&redirect=true",
 "server_security_misconfiguration.using_default_credentials": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:using_default_credentials&redirect=true",
 "server_security_misconfiguration.misconfigured_dns": null,
- "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:basic_subdomain_takeover&redirect=true",
- "server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:high_impact_subdomain_takeover&redirect=true",
+ "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": null,
 "server_security_misconfiguration.misconfigured_dns.zone_transfer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:zone_transfer&redirect=true",
 "server_security_misconfiguration.misconfigured_dns.missing_caa_record": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:missing_caa_record&redirect=true",
 "server_security_misconfiguration.mail_server_misconfiguration": null,
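Review bot: The merged `server_security_misconfiguration.misconfigured_dns.subdomain_takeover` key is set to `null` although both nodes it replaces carried a training link, so reports filed under the new node lose their remediation-training reference. If the vendor simply has no `mappingKey` for the new id yet, that is worth stating in the changelog so the gap gets closed later. The second hunk of this file has the same problem: it sets `sensitive_data_exposure.sensitive_token_in_url.in_the_background` to `null`, a change that is unrelated to the subdomain takeover rename and is not listed in the CHANGELOG.md entry for v1.14.2.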
@@ -165,7 +164,7 @@
 "sensitive_data_exposure.token_leakage_via_referer.password_reset_token": null,
 "sensitive_data_exposure.sensitive_token_in_url": null,
 "sensitive_data_exposure.sensitive_token_in_url.user_facing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:user_facing&redirect=true",
- "sensitive_data_exposure.sensitive_token_in_url.in_the_background": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:in_the_background&redirect=true",
+ "sensitive_data_exposure.sensitive_token_in_url.in_the_background": null,
 "sensitive_data_exposure.sensitive_token_in_url.on_password_reset": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:on_password_reset&redirect=true",
 "sensitive_data_exposure.non_sensitive_token_in_url": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:non_sensitive_token_in_url&redirect=true",
 "sensitive_data_exposure.weak_password_reset_implementation": null,
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index 0b7e8b3..ed39afe 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -1,6 +1,6 @@
 {
 "metadata": {
- "release_date": "2024-07-18T00:00:00+00:00"
+ "release_date": "2024-10-25T00:00:00+00:00"
 },
 "content": [
 {
@@ -100,17 +100,11 @@
 "type": "subcategory",
 "children": [
 {
- "id": "basic_subdomain_takeover",
- "name": "Basic Subdomain Takeover",
+ "id": "subdomain_takeover",
+ "name": "Subdomain Takeover",
 "type": "variant",
 "priority": 3
 },
- {
- "id": "high_impact_subdomain_takeover",
- "name": "High Impact Subdomain Takeover",
- "type": "variant",
- "priority": 2
- },
 {
 "id": "zone_transfer",
 "name": "Zone Transfer",