This reporting template is heavily based on HackerOne and inspired by the CVSS calculator, paraphrased from their documentation. The entire repo is included in the scope. You may also use the CVSS Calculator directly and send a screenshot of it; the link is included below.
- Which branch or asset is affected?
- What is the potential issue? Describe the vulnerability and include known CVEs.
- Is user input required? Yes | No
- Level of privilege? No login | Basic User | Administrator
- CIA Impact? Confidentiality, Integrity, Availability
- How can it be reproduced?
- Proof of Concept Video, images, written, etc. included
HackerOne. Submitting Reports. HackerOne Platform Documentation. Retrieved November 9, 2022, from https://docs.hackerone.com/hackers/submitting-reports.html
NIST. Common Vulnerability Scoring System Calculator. National Vulnerability Database. Retrieved November 9, 2022, from https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator