From 2c2cee915ae50a41d42f12d90a31a723009bc04e Mon Sep 17 00:00:00 2001 From: david-rocca Date: Thu, 2 Jan 2025 13:12:00 -0500 Subject: [PATCH] Updated examples to have cvssv4_0 --- api-docs/openapi.json | 270 ++ .../cve/create-adp-record-adp-request.json | 274 +- .../cve/create-cve-record-cna-request.json | 2482 ++++++++------- ...create-cve-record-secretariat-request.json | 2794 +++++++++-------- 4 files changed, 3451 insertions(+), 2369 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index de6ecbf6f..6f9b15acc 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -3973,6 +3973,11 @@ "items": { "type": "object", "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, { "required": [ "cvssV3_1" @@ -4018,6 +4023,271 @@ ] } }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "allOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + } + ], + "definitions": { + "attackComplexityType": { + "type": "string" + }, + "attackRequirementsType": { + "type": "string" + }, + "attackVectorType": { + "type": "string" + }, + "automatableType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "criticalScoreType": { + "type": "number" + }, + "criticalSeverityType": { + "const": "string" + }, + "exploitMaturityType": { + "type": "string" + }, + "highScoreType": { + "type": "number" + }, + "highSeverityType": { + "type": "string" + }, + "lowScoreType": { + "type": "number" + }, + "lowSeverityType": { + "type": "string" + }, + "mediumScoreType": { + "type": "number" + }, + "mediumSeverityType": { + "const": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "modifiedAttackRequirementsType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "modifiedSubCType": { + "type": "string" + }, + "modifiedSubIaType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "modifiedVulnCiaType": { + "type": "string" + }, + "noneScoreType": { + "type": "number" + }, + "noneSeverityType": { + "const": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "providerUrgencyType": { + "type": "string" + }, + "recoveryType": { + "type": "string" + }, + "safetyType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + }, + "subCiaType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "valueDensityType": { + "type": "string" + }, + "vulnCiaType": { + "type": "string" + }, + "vulnerabilityResponseEffortType": { + "type": "string" + } + }, + "properties": { + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vectorString": { + "type": "string" + }, + "version": { + "description": "CVSS Version", + "enum": [ + "4.0" + ], + "type": "string" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object" + }, "cvssV3_1": { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", diff --git a/schemas/cve/create-adp-record-adp-request.json b/schemas/cve/create-adp-record-adp-request.json index 3a46ab774..c1264904e 100644 --- a/schemas/cve/create-adp-record-adp-request.json +++ b/schemas/cve/create-adp-record-adp-request.json @@ -581,6 +581,11 @@ "items": { "type": "object", "anyOf": [ + { + "required": [ + "cvssV4_0" + ] + }, { "required": [ "cvssV3_1" @@ -626,6 +631,271 @@ ] } }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "allOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + } + ], + "definitions": { + "attackComplexityType": { + "type": "string" + }, + "attackRequirementsType": { + "type": "string" + }, + "attackVectorType": { + "type": "string" + }, + "automatableType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "criticalScoreType": { + "type": "number" + }, + "criticalSeverityType": { + "const": "string" + }, + "exploitMaturityType": { + "type": "string" + }, + "highScoreType": { + "type": "number" + }, + "highSeverityType": { + "type": "string" + }, + "lowScoreType": { + "type": "number" + }, + "lowSeverityType": { + "type": "string" + }, + "mediumScoreType": { + "type": "number" + }, + "mediumSeverityType": { + "const": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "modifiedAttackRequirementsType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "modifiedSubCType": { + "type": "string" + }, + "modifiedSubIaType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "modifiedVulnCiaType": { + "type": "string" + }, + "noneScoreType": { + "type": "number" + }, + "noneSeverityType": { + "const": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "providerUrgencyType": { + "type": "string" + }, + "recoveryType": { + "type": "string" + }, + "safetyType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + }, + "subCiaType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "valueDensityType": { + "type": "string" + }, + "vulnCiaType": { + "type": "string" + }, + "vulnerabilityResponseEffortType": { + "type": "string" + } + }, + "properties": { + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vectorString": { + "type": "string" + }, + "version": { + "description": "CVSS Version", + "enum": [ + "4.0" + ], + "type": "string" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object" + }, "cvssV3_1": { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", @@ -1315,7 +1585,9 @@ "additionalProperties": false } }, - "required":["adpContainer"], + "required": [ + "adpContainer" + ], "properties": { "adpContainer": { "$ref": "#/definitions/adpContainer" diff --git a/schemas/cve/create-cve-record-cna-request.json b/schemas/cve/create-cve-record-cna-request.json index e46b76117..0f39c162e 100644 --- a/schemas/cve/create-cve-record-cna-request.json +++ b/schemas/cve/create-cve-record-cna-request.json @@ -1,1191 +1,1461 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.org/cve/record/v5_00/", - "type": "object", - "title": "CVE JSON record format", - "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", - "definitions": { - "uriType": { - "type": "string", - "format": "uri" + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.org/cve/record/v5_00/", + "type": "object", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "type": "string", + "format": "uri" + }, + "uuidType": { + "type": "string" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "$ref": "#/definitions/uriType" }, - "uuidType": { - "type": "string" + "name": { + "type": "string" }, - "reference": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "url": { - "$ref": "#/definitions/uriType" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", - "type": "string" - } - ] - } - } + "tags": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string" + } + ] + } + } + } + }, + "cveId": { + "type": "string" + }, + "orgId": { + "$ref": "#/definitions/uuidType" + }, + "userId": { + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "type": "string" + }, + "datestamp": { + "type": "string", + "format": "date" + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "string" + }, + "status": { + "type": "string" + }, + "product": { + "type": "object", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] } + ] }, - "cveId": { - "type": "string" + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string" }, - "orgId": { - "$ref": "#/definitions/uuidType" + "product": { + "type": "string" }, - "userId": { - "$ref": "#/definitions/uuidType" + "collectionURL": { + "$ref": "#/definitions/uriType" }, - "shortName": { - "type": "string" + "packageName": { + "type": "string" }, - "datestamp": { - "type": "string", - "format": "date" + "cpes": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "timestamp": { - "type": "string", - "format": "date-time" + "modules": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "version": { + "programFiles": { + "type": "array", + "uniqueItems": true, + "items": { "type": "string" + } + }, + "programRoutines": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + } + } + } }, - "status": { + "platforms": { + "type": "array", + "uniqueItems": true, + "items": { "type": "string" + } }, - "product": { + "repo": { + "$ref": "#/definitions/uriType" + }, + "defaultStatus": { + "$ref": "#/definitions/status" + }, + "versions": { + "type": "array", + "uniqueItems": true, + "items": { "type": "object", - "allOf": [ - { - "anyOf": [ - { - "required": [ - "vendor", - "product" - ] - }, - { - "required": [ - "collectionURL", - "packageName" - ] - } + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "oneOf": [ + { + "required": [ + "lessThan" ] - }, - { - "anyOf": [ - { - "required": [ - "versions" - ] - }, - { - "required": [ - "defaultStatus" - ] - } + }, + { + "required": [ + "lessThanOrEqual" ] - } + } + ] + } ], "properties": { - "vendor": { - "type": "string" - }, - "product": { - "type": "string" - }, - "collectionURL": { - "$ref": "#/definitions/uriType" - }, - "packageName": { - "type": "string" - }, - "cpes": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "modules": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "programFiles": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "programRoutines": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - } - } - }, - "platforms": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "repo": { - "$ref": "#/definitions/uriType" - }, - "defaultStatus": { - "$ref": "#/definitions/status" - }, - "versions": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "object", - "oneOf": [ - { - "required": [ - "version", - "status" - ], - "maxProperties": 2 - }, - { - "required": [ - "version", - "status", - "versionType" - ], - "oneOf": [ - { - "required": [ - "lessThan" - ] - }, - { - "required": [ - "lessThanOrEqual" - ] - } - ] - } - ], - "properties": { - "version": { - "$ref": "#/definitions/version" - }, - "status": { - "$ref": "#/definitions/status" - }, - "versionType": { - "type": "string" - }, - "lessThan": { - "$ref": "#/definitions/version" - }, - "lessThanOrEqual": { - "$ref": "#/definitions/version" - }, - "changes": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "at", - "status" - ], - "properties": { - "at": { - "$ref": "#/definitions/version" - }, - "status": { - "$ref": "#/definitions/status" - } - } - } - } - } + "version": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string" + }, + "lessThan": { + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "at", + "status" + ], + "properties": { + "at": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" } + } } + } } + } + } + } + }, + "dataType": { + "type": "string" + }, + "dataVersion": { + "type": "string" + }, + "cveMetadataPublished": { + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "$ref": "#/definitions/cveId" }, - "dataType": { - "type": "string" + "assignerOrgId": { + "$ref": "#/definitions/orgId" }, - "dataVersion": { - "type": "string" + "assignerShortName": { + "$ref": "#/definitions/shortName" + }, + "requesterUserId": { + "$ref": "#/definitions/userId" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer" + }, + "dateReserved": { + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp" + }, + "state": { + "type": "string" + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId" + }, + "shortName": { + "$ref": "#/definitions/shortName" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + } + }, + "required": [ + "orgId" + ] + }, + "affected": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" }, - "cveMetadataPublished": { + "supportingMedia": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { "type": "object", - "required": [ - "cveId", - "assignerOrgId", - "state" - ], "properties": { - "cveId": { - "$ref": "#/definitions/cveId" - }, - "assignerOrgId": { - "$ref": "#/definitions/orgId" - }, - "assignerShortName": { - "$ref": "#/definitions/shortName" - }, - "requesterUserId": { - "$ref": "#/definitions/userId" - }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" - }, - "serial": { - "type": "integer" - }, - "dateReserved": { - "$ref": "#/definitions/timestamp" + "type": { + "type": "string" + }, + "base64": { + "type": "boolean", + "default": false + }, + "value": { + "type": "string" + } + }, + "required": [ + "type", + "value" + ] + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ] + }, + "descriptions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" }, - "datePublished": { - "$ref": "#/definitions/timestamp" + "description": { + "type": "string" }, - "state": { - "type": "string" - } - }, - "additionalProperties": false - }, - "providerMetadata": { - "type": "object", - "properties": { - "orgId": { - "$ref": "#/definitions/orgId" + "cweId": { + "type": "string" }, - "shortName": { - "$ref": "#/definitions/shortName" + "type": { + "type": "string" }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" + "references": { + "$ref": "#/definitions/references" } + } }, + "minItems": 1, + "uniqueItems": true + } + } + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + } + } + } + }, + "metrics": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "anyOf": [ + { "required": [ - "orgId" + "cvssV4_0" ] - }, - "affected": { + }, + { + "required": [ + "cvssV3_1" + ] + }, + { + "required": [ + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string" + }, + "scenarios": { "type": "array", "minItems": 1, + "uniqueItems": true, "items": { - "$ref": "#/definitions/product" - } - }, - "description": { - "type": "object", - "properties": { + "type": "object", + "properties": { "lang": { - "$ref": "#/definitions/language" + "$ref": "#/definitions/language" }, "value": { - "type": "string" - }, - "supportingMedia": { - "type": "array", - "uniqueItems": true, - "minItems": 1, - "items": { - "type": "object", - "properties": { - "type": { - "type": "string" - }, - "base64": { - "type": "boolean", - "default": false - }, - "value": { - "type": "string" - } - }, - "required": [ - "type", - "value" - ] - } + "type": "string" } - }, - "required": [ + }, + "required": [ "lang", "value" + ] + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "allOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + } ], - "additionalProperties": false - }, - "englishLanguageDescription": { + "definitions": { + "attackComplexityType": { + "type": "string" + }, + "attackRequirementsType": { + "type": "string" + }, + "attackVectorType": { + "type": "string" + }, + "automatableType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "criticalScoreType": { + "type": "number" + }, + "criticalSeverityType": { + "const": "string" + }, + "exploitMaturityType": { + "type": "string" + }, + "highScoreType": { + "type": "number" + }, + "highSeverityType": { + "type": "string" + }, + "lowScoreType": { + "type": "number" + }, + "lowSeverityType": { + "type": "string" + }, + "mediumScoreType": { + "type": "number" + }, + "mediumSeverityType": { + "const": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "modifiedAttackRequirementsType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "modifiedSubCType": { + "type": "string" + }, + "modifiedSubIaType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "modifiedVulnCiaType": { + "type": "string" + }, + "noneScoreType": { + "type": "number" + }, + "noneSeverityType": { + "const": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "providerUrgencyType": { + "type": "string" + }, + "recoveryType": { + "type": "string" + }, + "safetyType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + }, + "subCiaType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "valueDensityType": { + "type": "string" + }, + "vulnCiaType": { + "type": "string" + }, + "vulnerabilityResponseEffortType": { + "type": "string" + } + }, + "properties": { + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vectorString": { + "type": "string" + }, + "version": { + "description": "CVSS Version", + "enum": [ + "4.0" + ], + "type": "string" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object" + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } + }, "properties": { - "lang": { - "$ref": "#/definitions/englishLanguage" - } + "version": { + "description": "CVSS Version", + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } + }, + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } }, "required": [ - "lang" + "version", + "vectorString", + "baseScore", + "baseSeverity" ] + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string" + }, + "accessComplexityType": { + "type": "string" + }, + "authenticationType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "exploitabilityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "reportConfidenceType": { + "type": "string" + }, + "collateralDamagePotentialType": { + "type": "string" + }, + "targetDistributionType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + } + }, + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ] + }, + "other": { + "type": "object", + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "type": "string" + }, + "content": { + "type": "object" + } + } + } + } + } + }, + "configurations": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "$ref": "#/definitions/timestamp" + }, + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + } + } + } + }, + "credits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + }, + "user": { + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string" + } }, - "descriptions": { + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "minProperties": 1 + }, + "language": { + "type": "string" + }, + "englishLanguage": { + "type": "string" + }, + "taxonomyMappings": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { - "$ref": "#/definitions/description" - }, - "contains": { - "$ref": "#/definitions/englishLanguageDescription" + "type": "object", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + } + } } + } + } + } + }, + "tagExtension": { + "type": "string" + }, + "cnaTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string" + } + ] + } + }, + "adpTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string" + } + ] + } + } + }, + "required": [ + "cnaContainer" + ], + "properties": { + "cnaContainer": { + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp" + }, + "datePublic": { + "$ref": "#/definitions/timestamp" + }, + "title": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" }, "problemTypes": { - "type": "array", - "items": { - "type": "object", - "required": [ - "descriptions" - ], - "properties": { - "descriptions": { - "type": "array", - "items": { - "type": "object", - "required": [ - "lang", - "description" - ], - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "description": { - "type": "string" - }, - "cweId": { - "type": "string" - }, - "type": { - "type": "string" - }, - "references": { - "$ref": "#/definitions/references" - } - } - }, - "minItems": 1, - "uniqueItems": true - } - } - }, - "minItems": 1, - "uniqueItems": true + "$ref": "#/definitions/problemTypes" }, "references": { - "type": "array", - "items": { - "$ref": "#/definitions/reference" - }, - "minItems": 1, - "maxItems": 512, - "uniqueItems": true + "$ref": "#/definitions/references" }, "impacts": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "descriptions" - ], - "properties": { - "capecId": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - } - } - } + "$ref": "#/definitions/impacts" }, "metrics": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "anyOf": [ - { - "required": [ - "cvssV3_1" - ] - }, - { - "required": [ - "cvssV3_0" - ] - }, - { - "required": [ - "cvssV2_0" - ] - }, - { - "required": [ - "other" - ] - } - ], - "properties": { - "format": { - "type": "string" - }, - "scenarios": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - } - }, - "required": [ - "lang", - "value" - ] - } - }, - "cvssV3_1": { - "$schema": "http://json-schema.org/draft-07/schema#", - "type": "object", - "definitions": { - "attackVectorType": { - "type": "string" - }, - "modifiedAttackVectorType": { - "type": "string" - }, - "attackComplexityType": { - "type": "string" - }, - "modifiedAttackComplexityType": { - "type": "string" - }, - "privilegesRequiredType": { - "type": "string" - }, - "modifiedPrivilegesRequiredType": { - "type": "string" - }, - "userInteractionType": { - "type": "string" - }, - "modifiedUserInteractionType": { - "type": "string" - }, - "scopeType": { - "type": "string" - }, - "modifiedScopeType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "modifiedCiaType": { - "type": "string" - }, - "exploitCodeMaturityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "confidenceType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - }, - "severityType": { - "type": "string" - } - }, - "properties": { - "version": { - "description": "CVSS Version", - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "attackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" - }, - "attackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" - }, - "privilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" - }, - "userInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" - }, - "scope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "baseSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - }, - "exploitCodeMaturity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "temporalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "modifiedAttackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" - }, - "modifiedAttackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" - }, - "modifiedPrivilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" - }, - "modifiedUserInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" - }, - "modifiedScope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" - }, - "modifiedConfidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "modifiedIntegrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "modifiedAvailabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "environmentalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore", - "baseSeverity" - ] - }, - "cvssV3_0": { - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "definitions": { - "attackVectorType": { - "type": "string" - }, - "modifiedAttackVectorType": { - "type": "string" - }, - "attackComplexityType": { - "type": "string" - }, - "modifiedAttackComplexityType": { - "type": "string" - }, - "privilegesRequiredType": { - "type": "string" - }, - "modifiedPrivilegesRequiredType": { - "type": "string" - }, - "userInteractionType": { - "type": "string" - }, - "modifiedUserInteractionType": { - "type": "string" - }, - "scopeType": { - "type": "string" - }, - "modifiedScopeType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "modifiedCiaType": { - "type": "string" - }, - "exploitCodeMaturityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "confidenceType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - }, - "severityType": { - "type": "string" - } - }, - "properties": { - "version": { - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "attackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" - }, - "attackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" - }, - "privilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" - }, - "userInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" - }, - "scope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "baseSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - }, - "exploitCodeMaturity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "temporalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "modifiedAttackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" - }, - "modifiedAttackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" - }, - "modifiedPrivilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" - }, - "modifiedUserInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" - }, - "modifiedScope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" - }, - "modifiedConfidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "modifiedIntegrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "modifiedAvailabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "environmentalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore", - "baseSeverity" - ] - }, - "cvssV2_0": { - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "definitions": { - "accessVectorType": { - "type": "string" - }, - "accessComplexityType": { - "type": "string" - }, - "authenticationType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "exploitabilityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "reportConfidenceType": { - "type": "string" - }, - "collateralDamagePotentialType": { - "type": "string" - }, - "targetDistributionType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - } - }, - "properties": { - "version": { - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "accessVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" - }, - "accessComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" - }, - "authentication": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - }, - "exploitability": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - }, - "collateralDamagePotential": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" - }, - "targetDistribution": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore" - ] - }, - "other": { - "type": "object", - "required": [ - "type", - "content" - ], - "properties": { - "type": { - "type": "string" - }, - "content": { - "type": "object" - } - } - } - } - } + "$ref": "#/definitions/metrics" }, "configurations": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } + "$ref": "#/definitions/configurations" }, "workarounds": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } + "$ref": "#/definitions/workarounds" }, "solutions": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } + "$ref": "#/definitions/solutions" }, "exploits": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } + "$ref": "#/definitions/exploits" }, "timeline": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "time", - "lang", - "value" - ], - "properties": { - "time": { - "$ref": "#/definitions/timestamp" - }, - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - } - } - } + "$ref": "#/definitions/timeline" }, "credits": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - }, - "user": { - "$ref": "#/definitions/uuidType" - }, - "type": { - "type": "string" - } - }, - "required": [ - "lang", - "value" - ] - } + "$ref": "#/definitions/credits" }, "source": { - "type": "object", - "minProperties": 1 + "$ref": "#/definitions/source" }, - "language": { - "type": "string" - }, - "englishLanguage": { - "type": "string" + "tags": { + "$ref": "#/definitions/cnaTags" }, "taxonomyMappings": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "taxonomyName", - "taxonomyRelations" - ], - "properties": { - "taxonomyName": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "taxonomyVersion": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "taxonomyRelations": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "taxonomyId", - "relationshipName", - "relationshipValue" - ], - "properties": { - "taxonomyId": { - "type": "string", - "minLength": 1, - "maxLength": 2048 - }, - "relationshipName": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "relationshipValue": { - "type": "string", - "minLength": 1, - "maxLength": 2048 - } - } - } - } - } - } - }, - "tagExtension": { - "type": "string" - }, - "cnaTags": { - "type": "array", - "uniqueItems": true, - "minItems": 1, - "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", - "type": "string" - } - ] - } - }, - "adpTags": { - "type": "array", - "uniqueItems": true, - "minItems": 1, - "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", - "type": "string" - } - ] - } - } - }, - "required": [ - "cnaContainer" - ], - "properties": { - "cnaContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "dateAssigned": { - "$ref": "#/definitions/timestamp" - }, - "datePublic": { - "$ref": "#/definitions/timestamp" - }, - "title": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - }, - "affected": { - "$ref": "#/definitions/affected" - }, - "problemTypes": { - "$ref": "#/definitions/problemTypes" - }, - "references": { - "$ref": "#/definitions/references" - }, - "impacts": { - "$ref": "#/definitions/impacts" - }, - "metrics": { - "$ref": "#/definitions/metrics" - }, - "configurations": { - "$ref": "#/definitions/configurations" - }, - "workarounds": { - "$ref": "#/definitions/workarounds" - }, - "solutions": { - "$ref": "#/definitions/solutions" - }, - "exploits": { - "$ref": "#/definitions/exploits" - }, - "timeline": { - "$ref": "#/definitions/timeline" - }, - "credits": { - "$ref": "#/definitions/credits" - }, - "source": { - "$ref": "#/definitions/source" - }, - "tags": { - "$ref": "#/definitions/cnaTags" - }, - "taxonomyMappings": { - "$ref": "#/definitions/taxonomyMappings" - } - }, - "required": [ - "providerMetadata", - "descriptions", - "affected", - "references" - ], - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false + "$ref": "#/definitions/taxonomyMappings" } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "additionalProperties": false } + } } \ No newline at end of file diff --git a/schemas/cve/create-cve-record-secretariat-request.json b/schemas/cve/create-cve-record-secretariat-request.json index 755ab39b8..39ebaac07 100644 --- a/schemas/cve/create-cve-record-secretariat-request.json +++ b/schemas/cve/create-cve-record-secretariat-request.json @@ -1,1339 +1,1609 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.org/cve/record/v5_00/", - "type": "object", - "title": "CVE JSON record format", - "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", - "definitions": { - "uriType": { - "type": "string", - "format": "uri" + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.org/cve/record/v5_00/", + "type": "object", + "title": "CVE JSON record format", + "description": "cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE Record. Some examples of CVE Record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE Records for community benefit. Learn more about the CVE program at [the official website](https://cve.mitre.org). This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema [here](https://json-schema.org/).", + "definitions": { + "uriType": { + "type": "string", + "format": "uri" + }, + "uuidType": { + "type": "string" + }, + "reference": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "url": { + "$ref": "#/definitions/uriType" }, - "uuidType": { - "type": "string" + "name": { + "type": "string" }, - "reference": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "url": { - "$ref": "#/definitions/uriType" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "array", - "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", - "type": "string" - } - ] - } - } + "tags": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/reference/", + "type": "string" + } + ] + } + } + } + }, + "cveId": { + "type": "string" + }, + "orgId": { + "$ref": "#/definitions/uuidType" + }, + "userId": { + "$ref": "#/definitions/uuidType" + }, + "shortName": { + "type": "string" + }, + "datestamp": { + "type": "string", + "format": "date" + }, + "timestamp": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "string" + }, + "status": { + "type": "string" + }, + "product": { + "type": "object", + "allOf": [ + { + "anyOf": [ + { + "required": [ + "vendor", + "product" + ] + }, + { + "required": [ + "collectionURL", + "packageName" + ] } + ] }, - "cveId": { - "type": "string" - }, - "orgId": { - "$ref": "#/definitions/uuidType" + { + "anyOf": [ + { + "required": [ + "versions" + ] + }, + { + "required": [ + "defaultStatus" + ] + } + ] + } + ], + "properties": { + "vendor": { + "type": "string" }, - "userId": { - "$ref": "#/definitions/uuidType" + "product": { + "type": "string" }, - "shortName": { - "type": "string" + "collectionURL": { + "$ref": "#/definitions/uriType" }, - "datestamp": { - "type": "string", - "format": "date" + "packageName": { + "type": "string" }, - "timestamp": { - "type": "string", - "format": "date-time" + "cpes": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "version": { + "modules": { + "type": "array", + "uniqueItems": true, + "items": { "type": "string" + } }, - "status": { + "programFiles": { + "type": "array", + "uniqueItems": true, + "items": { "type": "string" + } }, - "product": { + "programRoutines": { + "type": "array", + "uniqueItems": true, + "items": { "type": "object", - "allOf": [ - { - "anyOf": [ - { - "required": [ - "vendor", - "product" - ] - }, - { - "required": [ - "collectionURL", - "packageName" - ] - } - ] - }, - { - "anyOf": [ - { - "required": [ - "versions" - ] - }, - { - "required": [ - "defaultStatus" - ] - } - ] - } + "required": [ + "name" ], "properties": { - "vendor": { - "type": "string" - }, - "product": { - "type": "string" - }, - "collectionURL": { - "$ref": "#/definitions/uriType" - }, - "packageName": { - "type": "string" - }, - "cpes": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "modules": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "programFiles": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "programRoutines": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - } - } - }, - "platforms": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "repo": { - "$ref": "#/definitions/uriType" - }, - "defaultStatus": { - "$ref": "#/definitions/status" - }, - "versions": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "object", - "oneOf": [ - { - "required": [ - "version", - "status" - ], - "maxProperties": 2 - }, - { - "required": [ - "version", - "status", - "versionType" - ], - "oneOf": [ - { - "required": [ - "lessThan" - ] - }, - { - "required": [ - "lessThanOrEqual" - ] - } - ] - } - ], - "properties": { - "version": { - "$ref": "#/definitions/version" - }, - "status": { - "$ref": "#/definitions/status" - }, - "versionType": { - "type": "string" - }, - "lessThan": { - "$ref": "#/definitions/version" - }, - "lessThanOrEqual": { - "$ref": "#/definitions/version" - }, - "changes": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "at", - "status" - ], - "properties": { - "at": { - "$ref": "#/definitions/version" - }, - "status": { - "$ref": "#/definitions/status" - } - } - } - } - } - } - } + "name": { + "type": "string" + } } + } }, - "dataType": { + "platforms": { + "type": "array", + "uniqueItems": true, + "items": { "type": "string" + } }, - "dataVersion": { - "type": "string" + "repo": { + "$ref": "#/definitions/uriType" }, - "cveMetadataPublished": { - "type": "object", - "required": [ - "cveId", - "assignerOrgId", - "state" - ], - "properties": { - "cveId": { - "$ref": "#/definitions/cveId" - }, - "assignerOrgId": { - "$ref": "#/definitions/orgId" - }, - "assignerShortName": { - "$ref": "#/definitions/shortName" - }, - "requesterUserId": { - "$ref": "#/definitions/userId" - }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" - }, - "serial": { - "type": "integer" - }, - "dateReserved": { - "$ref": "#/definitions/timestamp" - }, - "datePublished": { - "$ref": "#/definitions/timestamp" - }, - "state": { - "type": "string" - } - }, - "additionalProperties": false + "defaultStatus": { + "$ref": "#/definitions/status" }, - "cveMetadataRejected": { + "versions": { + "type": "array", + "uniqueItems": true, + "items": { "type": "object", - "required": [ - "cveId", - "assignerOrgId", - "state" + "oneOf": [ + { + "required": [ + "version", + "status" + ], + "maxProperties": 2 + }, + { + "required": [ + "version", + "status", + "versionType" + ], + "oneOf": [ + { + "required": [ + "lessThan" + ] + }, + { + "required": [ + "lessThanOrEqual" + ] + } + ] + } ], "properties": { - "cveId": { - "$ref": "#/definitions/cveId" - }, - "assignerOrgId": { - "$ref": "#/definitions/orgId" - }, - "assignerShortName": { - "$ref": "#/definitions/shortName" - }, - "serial": { - "type": "integer" - }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" - }, - "datePublished": { - "$ref": "#/definitions/timestamp" - }, - "dateRejected": { - "$ref": "#/definitions/timestamp" - }, - "state": { - "type": "string" - }, - "dateReserved": { - "$ref": "#/definitions/timestamp" + "version": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" + }, + "versionType": { + "type": "string" + }, + "lessThan": { + "$ref": "#/definitions/version" + }, + "lessThanOrEqual": { + "$ref": "#/definitions/version" + }, + "changes": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "at", + "status" + ], + "properties": { + "at": { + "$ref": "#/definitions/version" + }, + "status": { + "$ref": "#/definitions/status" + } + } } - }, - "additionalProperties": false + } + } + } + } + } + }, + "dataType": { + "type": "string" + }, + "dataVersion": { + "type": "string" + }, + "cveMetadataPublished": { + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId" + }, + "assignerShortName": { + "$ref": "#/definitions/shortName" + }, + "requesterUserId": { + "$ref": "#/definitions/userId" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + }, + "serial": { + "type": "integer" + }, + "dateReserved": { + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp" + }, + "state": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cveMetadataRejected": { + "type": "object", + "required": [ + "cveId", + "assignerOrgId", + "state" + ], + "properties": { + "cveId": { + "$ref": "#/definitions/cveId" + }, + "assignerOrgId": { + "$ref": "#/definitions/orgId" + }, + "assignerShortName": { + "$ref": "#/definitions/shortName" + }, + "serial": { + "type": "integer" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + }, + "datePublished": { + "$ref": "#/definitions/timestamp" + }, + "dateRejected": { + "$ref": "#/definitions/timestamp" + }, + "state": { + "type": "string" + }, + "dateReserved": { + "$ref": "#/definitions/timestamp" + } + }, + "additionalProperties": false + }, + "providerMetadata": { + "type": "object", + "properties": { + "orgId": { + "$ref": "#/definitions/orgId" + }, + "shortName": { + "$ref": "#/definitions/shortName" + }, + "dateUpdated": { + "$ref": "#/definitions/timestamp" + } + }, + "required": [ + "orgId" + ] + }, + "cnaPublishedContainer": { + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "dateAssigned": { + "$ref": "#/definitions/timestamp" + }, + "datePublic": { + "$ref": "#/definitions/timestamp" + }, + "title": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/cnaTags" }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata", + "descriptions", + "affected", + "references" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "additionalProperties": false + }, + "cnaRejectedContainer": { + "type": "object", + "properties": { + "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "rejectedReasons": { + "$ref": "#/definitions/descriptions" + }, + "replacedBy": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/cveId" + } + } + }, + "required": [ + "providerMetadata", + "rejectedReasons" + ], + "patternProperties": { + "^x_[^.]*$": {} + }, + "additionalProperties": false + }, + "adpContainer": { + "type": "object", + "properties": { "providerMetadata": { + "$ref": "#/definitions/providerMetadata" + }, + "datePublic": { + "$ref": "#/definitions/timestamp" + }, + "title": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + }, + "affected": { + "$ref": "#/definitions/affected" + }, + "problemTypes": { + "$ref": "#/definitions/problemTypes" + }, + "references": { + "$ref": "#/definitions/references" + }, + "impacts": { + "$ref": "#/definitions/impacts" + }, + "metrics": { + "$ref": "#/definitions/metrics" + }, + "configurations": { + "$ref": "#/definitions/configurations" + }, + "workarounds": { + "$ref": "#/definitions/workarounds" + }, + "solutions": { + "$ref": "#/definitions/solutions" + }, + "exploits": { + "$ref": "#/definitions/exploits" + }, + "timeline": { + "$ref": "#/definitions/timeline" + }, + "credits": { + "$ref": "#/definitions/credits" + }, + "source": { + "$ref": "#/definitions/source" + }, + "tags": { + "$ref": "#/definitions/adpTags" + }, + "taxonomyMappings": { + "$ref": "#/definitions/taxonomyMappings" + } + }, + "required": [ + "providerMetadata" + ], + "minProperties": 2, + "patternProperties": { + "^x_[^.]*$": {} + }, + "additionalProperties": false + }, + "affected": { + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/product" + } + }, + "description": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + }, + "supportingMedia": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { "type": "object", "properties": { - "orgId": { - "$ref": "#/definitions/orgId" - }, - "shortName": { - "$ref": "#/definitions/shortName" - }, - "dateUpdated": { - "$ref": "#/definitions/timestamp" - } + "type": { + "type": "string" + }, + "base64": { + "type": "boolean", + "default": false + }, + "value": { + "type": "string" + } }, "required": [ - "orgId" + "type", + "value" ] - }, - "cnaPublishedContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "dateAssigned": { - "$ref": "#/definitions/timestamp" - }, - "datePublic": { - "$ref": "#/definitions/timestamp" - }, - "title": { - "type": "string" + } + } + }, + "required": [ + "lang", + "value" + ], + "additionalProperties": false + }, + "englishLanguageDescription": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/englishLanguage" + } + }, + "required": [ + "lang" + ] + }, + "descriptions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + }, + "contains": { + "$ref": "#/definitions/englishLanguageDescription" + } + }, + "problemTypes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "descriptions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "lang", + "description" + ], + "properties": { + "lang": { + "$ref": "#/definitions/language" }, - "descriptions": { - "$ref": "#/definitions/descriptions" + "description": { + "type": "string" }, - "affected": { - "$ref": "#/definitions/affected" + "cweId": { + "type": "string" }, - "problemTypes": { - "$ref": "#/definitions/problemTypes" + "type": { + "type": "string" }, "references": { - "$ref": "#/definitions/references" - }, - "impacts": { - "$ref": "#/definitions/impacts" - }, - "metrics": { - "$ref": "#/definitions/metrics" - }, - "configurations": { - "$ref": "#/definitions/configurations" - }, - "workarounds": { - "$ref": "#/definitions/workarounds" - }, - "solutions": { - "$ref": "#/definitions/solutions" - }, - "exploits": { - "$ref": "#/definitions/exploits" - }, - "timeline": { - "$ref": "#/definitions/timeline" - }, - "credits": { - "$ref": "#/definitions/credits" - }, - "source": { - "$ref": "#/definitions/source" - }, - "tags": { - "$ref": "#/definitions/cnaTags" - }, - "taxonomyMappings": { - "$ref": "#/definitions/taxonomyMappings" + "$ref": "#/definitions/references" } + } }, + "minItems": 1, + "uniqueItems": true + } + } + }, + "minItems": 1, + "uniqueItems": true + }, + "references": { + "type": "array", + "items": { + "$ref": "#/definitions/reference" + }, + "minItems": 1, + "maxItems": 512, + "uniqueItems": true + }, + "impacts": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "descriptions" + ], + "properties": { + "capecId": { + "type": "string" + }, + "descriptions": { + "$ref": "#/definitions/descriptions" + } + } + } + }, + "metrics": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "anyOf": [ + { "required": [ - "providerMetadata", - "descriptions", - "affected", - "references" - ], - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, - "cnaRejectedContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "rejectedReasons": { - "$ref": "#/definitions/descriptions" - }, - "replacedBy": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/cveId" - } - } - }, + "cvssV4_0" + ] + }, + { "required": [ - "providerMetadata", - "rejectedReasons" - ], - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, - "adpContainer": { - "type": "object", - "properties": { - "providerMetadata": { - "$ref": "#/definitions/providerMetadata" - }, - "datePublic": { - "$ref": "#/definitions/timestamp" - }, - "title": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - }, - "affected": { - "$ref": "#/definitions/affected" - }, - "problemTypes": { - "$ref": "#/definitions/problemTypes" - }, - "references": { - "$ref": "#/definitions/references" - }, - "impacts": { - "$ref": "#/definitions/impacts" - }, - "metrics": { - "$ref": "#/definitions/metrics" - }, - "configurations": { - "$ref": "#/definitions/configurations" - }, - "workarounds": { - "$ref": "#/definitions/workarounds" - }, - "solutions": { - "$ref": "#/definitions/solutions" - }, - "exploits": { - "$ref": "#/definitions/exploits" - }, - "timeline": { - "$ref": "#/definitions/timeline" - }, - "credits": { - "$ref": "#/definitions/credits" - }, - "source": { - "$ref": "#/definitions/source" - }, - "tags": { - "$ref": "#/definitions/adpTags" - }, - "taxonomyMappings": { - "$ref": "#/definitions/taxonomyMappings" - } - }, + "cvssV3_1" + ] + }, + { "required": [ - "providerMetadata" - ], - "minProperties": 2, - "patternProperties": { - "^x_[^.]*$": {} - }, - "additionalProperties": false - }, - "affected": { + "cvssV3_0" + ] + }, + { + "required": [ + "cvssV2_0" + ] + }, + { + "required": [ + "other" + ] + } + ], + "properties": { + "format": { + "type": "string" + }, + "scenarios": { "type": "array", "minItems": 1, + "uniqueItems": true, "items": { - "$ref": "#/definitions/product" - } - }, - "description": { - "type": "object", - "properties": { + "type": "object", + "properties": { "lang": { - "$ref": "#/definitions/language" + "$ref": "#/definitions/language" }, "value": { - "type": "string" - }, - "supportingMedia": { - "type": "array", - "uniqueItems": true, - "minItems": 1, - "items": { - "type": "object", - "properties": { - "type": { - "type": "string" - }, - "base64": { - "type": "boolean", - "default": false - }, - "value": { - "type": "string" - } - }, - "required": [ - "type", - "value" - ] - } + "type": "string" } - }, - "required": [ + }, + "required": [ "lang", "value" + ] + } + }, + "cvssV4_0": { + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "allOf": [ + { + "properties": { + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "threatScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "threatSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + }, + { + "properties": { + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneScoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/noneSeverityType" + } + } + } ], - "additionalProperties": false - }, - "englishLanguageDescription": { + "definitions": { + "attackComplexityType": { + "type": "string" + }, + "attackRequirementsType": { + "type": "string" + }, + "attackVectorType": { + "type": "string" + }, + "automatableType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "criticalScoreType": { + "type": "number" + }, + "criticalSeverityType": { + "const": "string" + }, + "exploitMaturityType": { + "type": "string" + }, + "highScoreType": { + "type": "number" + }, + "highSeverityType": { + "type": "string" + }, + "lowScoreType": { + "type": "number" + }, + "lowSeverityType": { + "type": "string" + }, + "mediumScoreType": { + "type": "number" + }, + "mediumSeverityType": { + "const": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "modifiedAttackRequirementsType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "modifiedSubCType": { + "type": "string" + }, + "modifiedSubIaType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "modifiedVulnCiaType": { + "type": "string" + }, + "noneScoreType": { + "type": "number" + }, + "noneSeverityType": { + "const": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "providerUrgencyType": { + "type": "string" + }, + "recoveryType": { + "type": "string" + }, + "safetyType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + }, + "subCiaType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "valueDensityType": { + "type": "string" + }, + "vulnCiaType": { + "type": "string" + }, + "vulnerabilityResponseEffortType": { + "type": "string" + } + }, + "properties": { + "Automatable": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/automatableType" + }, + "Recovery": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/recoveryType" + }, + "Safety": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/safetyType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackComplexityType" + }, + "attackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackRequirementsType" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/attackVectorType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "exploitMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/exploitMaturityType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/ciaRequirementType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackComplexityType" + }, + "modifiedAttackRequirements": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackRequirementsType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedAttackVectorType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedSubAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedSubConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubCType" + }, + "modifiedSubIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedSubIaType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedUserInteractionType" + }, + "modifiedVulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "modifiedVulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/modifiedVulnCiaType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/privilegesRequiredType" + }, + "providerUrgency": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/providerUrgencyType" + }, + "subAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "subIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/subCiaType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/userInteractionType" + }, + "valueDensity": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/valueDensityType" + }, + "vectorString": { + "type": "string" + }, + "version": { + "description": "CVSS Version", + "enum": [ + "4.0" + ], + "type": "string" + }, + "vulnAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnCiaType" + }, + "vulnerabilityResponseEffort": { + "$ref": "#/definitions/metrics/items/properties/cvssV4_0/definitions/vulnerabilityResponseEffortType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ], + "title": "JSON Schema for Common Vulnerability Scoring System version 4.0", + "type": "object" + }, + "cvssV3_1": { + "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } + }, "properties": { - "lang": { - "$ref": "#/definitions/englishLanguage" - } + "version": { + "description": "CVSS Version", + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" + } }, "required": [ - "lang" + "version", + "vectorString", + "baseScore", + "baseSeverity" ] - }, - "descriptions": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" + }, + "cvssV3_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "attackVectorType": { + "type": "string" + }, + "modifiedAttackVectorType": { + "type": "string" + }, + "attackComplexityType": { + "type": "string" + }, + "modifiedAttackComplexityType": { + "type": "string" + }, + "privilegesRequiredType": { + "type": "string" + }, + "modifiedPrivilegesRequiredType": { + "type": "string" + }, + "userInteractionType": { + "type": "string" + }, + "modifiedUserInteractionType": { + "type": "string" + }, + "scopeType": { + "type": "string" + }, + "modifiedScopeType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "modifiedCiaType": { + "type": "string" + }, + "exploitCodeMaturityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "confidenceType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + }, + "severityType": { + "type": "string" + } }, - "contains": { - "$ref": "#/definitions/englishLanguageDescription" - } - }, - "problemTypes": { - "type": "array", - "items": { - "type": "object", - "required": [ - "descriptions" - ], - "properties": { - "descriptions": { - "type": "array", - "items": { - "type": "object", - "required": [ - "lang", - "description" - ], - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "description": { - "type": "string" - }, - "cweId": { - "type": "string" - }, - "type": { - "type": "string" - }, - "references": { - "$ref": "#/definitions/references" - } - } - }, - "minItems": 1, - "uniqueItems": true - } - } + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "attackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" + }, + "attackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" + }, + "privilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" + }, + "userInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" + }, + "scope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "baseSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "exploitCodeMaturity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "temporalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" + }, + "modifiedAttackVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" + }, + "modifiedAttackComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" + }, + "modifiedPrivilegesRequired": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" + }, + "modifiedUserInteraction": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" + }, + "modifiedScope": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" + }, + "modifiedConfidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedIntegrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "modifiedAvailabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" + }, + "environmentalSeverity": { + "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" + } }, - "minItems": 1, - "uniqueItems": true - }, - "references": { - "type": "array", - "items": { - "$ref": "#/definitions/reference" + "required": [ + "version", + "vectorString", + "baseScore", + "baseSeverity" + ] + }, + "cvssV2_0": { + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "definitions": { + "accessVectorType": { + "type": "string" + }, + "accessComplexityType": { + "type": "string" + }, + "authenticationType": { + "type": "string" + }, + "ciaType": { + "type": "string" + }, + "exploitabilityType": { + "type": "string" + }, + "remediationLevelType": { + "type": "string" + }, + "reportConfidenceType": { + "type": "string" + }, + "collateralDamagePotentialType": { + "type": "string" + }, + "targetDistributionType": { + "type": "string" + }, + "ciaRequirementType": { + "type": "string" + }, + "scoreType": { + "type": "number" + } }, - "minItems": 1, - "maxItems": 512, - "uniqueItems": true - }, - "impacts": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "descriptions" - ], - "properties": { - "capecId": { - "type": "string" - }, - "descriptions": { - "$ref": "#/definitions/descriptions" - } - } - } - }, - "metrics": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "anyOf": [ - { - "required": [ - "cvssV3_1" - ] - }, - { - "required": [ - "cvssV3_0" - ] - }, - { - "required": [ - "cvssV2_0" - ] - }, - { - "required": [ - "other" - ] - } - ], - "properties": { - "format": { - "type": "string" - }, - "scenarios": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - } - }, - "required": [ - "lang", - "value" - ] - } - }, - "cvssV3_1": { - "$schema": "http://json-schema.org/draft-07/schema#", - "type": "object", - "definitions": { - "attackVectorType": { - "type": "string" - }, - "modifiedAttackVectorType": { - "type": "string" - }, - "attackComplexityType": { - "type": "string" - }, - "modifiedAttackComplexityType": { - "type": "string" - }, - "privilegesRequiredType": { - "type": "string" - }, - "modifiedPrivilegesRequiredType": { - "type": "string" - }, - "userInteractionType": { - "type": "string" - }, - "modifiedUserInteractionType": { - "type": "string" - }, - "scopeType": { - "type": "string" - }, - "modifiedScopeType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "modifiedCiaType": { - "type": "string" - }, - "exploitCodeMaturityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "confidenceType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - }, - "severityType": { - "type": "string" - } - }, - "properties": { - "version": { - "description": "CVSS Version", - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "attackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackVectorType" - }, - "attackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/attackComplexityType" - }, - "privilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/privilegesRequiredType" - }, - "userInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/userInteractionType" - }, - "scope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scopeType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "baseSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - }, - "exploitCodeMaturity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/exploitCodeMaturityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/confidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "temporalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/ciaRequirementType" - }, - "modifiedAttackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackVectorType" - }, - "modifiedAttackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedAttackComplexityType" - }, - "modifiedPrivilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedPrivilegesRequiredType" - }, - "modifiedUserInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedUserInteractionType" - }, - "modifiedScope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedScopeType" - }, - "modifiedConfidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "modifiedIntegrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "modifiedAvailabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/modifiedCiaType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/scoreType" - }, - "environmentalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_1/definitions/severityType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore", - "baseSeverity" - ] - }, - "cvssV3_0": { - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "definitions": { - "attackVectorType": { - "type": "string" - }, - "modifiedAttackVectorType": { - "type": "string" - }, - "attackComplexityType": { - "type": "string" - }, - "modifiedAttackComplexityType": { - "type": "string" - }, - "privilegesRequiredType": { - "type": "string" - }, - "modifiedPrivilegesRequiredType": { - "type": "string" - }, - "userInteractionType": { - "type": "string" - }, - "modifiedUserInteractionType": { - "type": "string" - }, - "scopeType": { - "type": "string" - }, - "modifiedScopeType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "modifiedCiaType": { - "type": "string" - }, - "exploitCodeMaturityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "confidenceType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - }, - "severityType": { - "type": "string" - } - }, - "properties": { - "version": { - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "attackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackVectorType" - }, - "attackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/attackComplexityType" - }, - "privilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/privilegesRequiredType" - }, - "userInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/userInteractionType" - }, - "scope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scopeType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "baseSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - }, - "exploitCodeMaturity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/exploitCodeMaturityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/confidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "temporalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/ciaRequirementType" - }, - "modifiedAttackVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackVectorType" - }, - "modifiedAttackComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedAttackComplexityType" - }, - "modifiedPrivilegesRequired": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedPrivilegesRequiredType" - }, - "modifiedUserInteraction": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedUserInteractionType" - }, - "modifiedScope": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedScopeType" - }, - "modifiedConfidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "modifiedIntegrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "modifiedAvailabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/modifiedCiaType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/scoreType" - }, - "environmentalSeverity": { - "$ref": "#/definitions/metrics/items/properties/cvssV3_0/definitions/severityType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore", - "baseSeverity" - ] - }, - "cvssV2_0": { - "$schema": "http://json-schema.org/draft-04/schema#", - "type": "object", - "definitions": { - "accessVectorType": { - "type": "string" - }, - "accessComplexityType": { - "type": "string" - }, - "authenticationType": { - "type": "string" - }, - "ciaType": { - "type": "string" - }, - "exploitabilityType": { - "type": "string" - }, - "remediationLevelType": { - "type": "string" - }, - "reportConfidenceType": { - "type": "string" - }, - "collateralDamagePotentialType": { - "type": "string" - }, - "targetDistributionType": { - "type": "string" - }, - "ciaRequirementType": { - "type": "string" - }, - "scoreType": { - "type": "number" - } - }, - "properties": { - "version": { - "type": "string" - }, - "vectorString": { - "type": "string" - }, - "accessVector": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" - }, - "accessComplexity": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" - }, - "authentication": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" - }, - "confidentialityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "integrityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "availabilityImpact": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" - }, - "baseScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - }, - "exploitability": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" - }, - "remediationLevel": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" - }, - "reportConfidence": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" - }, - "temporalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - }, - "collateralDamagePotential": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" - }, - "targetDistribution": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" - }, - "confidentialityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "integrityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "availabilityRequirement": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" - }, - "environmentalScore": { - "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" - } - }, - "required": [ - "version", - "vectorString", - "baseScore" - ] - }, - "other": { - "type": "object", - "required": [ - "type", - "content" - ], - "properties": { - "type": { - "type": "string" - }, - "content": { - "type": "object" - } - } - } - } - } - }, - "configurations": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } - }, - "workarounds": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } - }, - "solutions": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } - }, - "exploits": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "$ref": "#/definitions/description" - } - }, - "timeline": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "time", - "lang", - "value" - ], - "properties": { - "time": { - "$ref": "#/definitions/timestamp" - }, - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - } - } - } - }, - "credits": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "properties": { - "lang": { - "$ref": "#/definitions/language" - }, - "value": { - "type": "string" - }, - "user": { - "$ref": "#/definitions/uuidType" - }, - "type": { - "type": "string" - } - }, - "required": [ - "lang", - "value" - ] - } - }, - "source": { + "properties": { + "version": { + "type": "string" + }, + "vectorString": { + "type": "string" + }, + "accessVector": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessVectorType" + }, + "accessComplexity": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/accessComplexityType" + }, + "authentication": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/authenticationType" + }, + "confidentialityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "integrityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "availabilityImpact": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaType" + }, + "baseScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "exploitability": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/exploitabilityType" + }, + "remediationLevel": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/remediationLevelType" + }, + "reportConfidence": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/reportConfidenceType" + }, + "temporalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + }, + "collateralDamagePotential": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/collateralDamagePotentialType" + }, + "targetDistribution": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/targetDistributionType" + }, + "confidentialityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "integrityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "availabilityRequirement": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/ciaRequirementType" + }, + "environmentalScore": { + "$ref": "#/definitions/metrics/items/properties/cvssV2_0/definitions/scoreType" + } + }, + "required": [ + "version", + "vectorString", + "baseScore" + ] + }, + "other": { "type": "object", - "minProperties": 1 - }, - "language": { - "type": "string" - }, - "englishLanguage": { - "type": "string" - }, - "taxonomyMappings": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "taxonomyName", - "taxonomyRelations" - ], - "properties": { - "taxonomyName": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "taxonomyVersion": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "taxonomyRelations": { - "type": "array", - "minItems": 1, - "uniqueItems": true, - "items": { - "type": "object", - "required": [ - "taxonomyId", - "relationshipName", - "relationshipValue" - ], - "properties": { - "taxonomyId": { - "type": "string", - "minLength": 1, - "maxLength": 2048 - }, - "relationshipName": { - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "relationshipValue": { - "type": "string", - "minLength": 1, - "maxLength": 2048 - } - } - } - } - } + "required": [ + "type", + "content" + ], + "properties": { + "type": { + "type": "string" + }, + "content": { + "type": "object" + } } - }, - "tagExtension": { + } + } + } + }, + "configurations": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "workarounds": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "solutions": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "exploits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/description" + } + }, + "timeline": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "time", + "lang", + "value" + ], + "properties": { + "time": { + "$ref": "#/definitions/timestamp" + }, + "lang": { + "$ref": "#/definitions/language" + }, + "value": { "type": "string" + } + } + } + }, + "credits": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "lang": { + "$ref": "#/definitions/language" + }, + "value": { + "type": "string" + }, + "user": { + "$ref": "#/definitions/uuidType" + }, + "type": { + "type": "string" + } }, - "cnaTags": { + "required": [ + "lang", + "value" + ] + } + }, + "source": { + "type": "object", + "minProperties": 1 + }, + "language": { + "type": "string" + }, + "englishLanguage": { + "type": "string" + }, + "taxonomyMappings": { + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "object", + "required": [ + "taxonomyName", + "taxonomyRelations" + ], + "properties": { + "taxonomyName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyVersion": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "taxonomyRelations": { "type": "array", - "uniqueItems": true, "minItems": 1, - "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", - "type": "string" - } - ] - } - }, - "adpTags": { - "type": "array", "uniqueItems": true, - "minItems": 1, "items": { - "oneOf": [ - { - "$ref": "#/definitions/tagExtension" - }, - { - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", - "type": "string" - } - ] + "type": "object", + "required": [ + "taxonomyId", + "relationshipName", + "relationshipValue" + ], + "properties": { + "taxonomyId": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + }, + "relationshipName": { + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "relationshipValue": { + "type": "string", + "minLength": 1, + "maxLength": 2048 + } + } } + } } + } }, - "oneOf": [ - { - "title": "Create", - "description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.", - "properties": { - "containers": { - "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information and the 'cna' container requires the CNA include certain fields, while the 'adp' container does not.", - "type": "object", - "properties": { - "cna": { - "$ref": "#/definitions/cnaPublishedContainer" - } - }, - "required": [ - "cna" - ], - "additionalProperties": false + "tagExtension": { + "type": "string" + }, + "cnaTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/cna/", + "type": "string" } + ] + } + }, + "adpTags": { + "type": "array", + "uniqueItems": true, + "minItems": 1, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/tagExtension" + }, + { + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://cve.mitre.org/cve/v5_00/tags/adp/", + "type": "string" + } + ] + } + } + }, + "oneOf": [ + { + "title": "Create", + "description": "When a CNA populates the data associated with a CVE ID as a CVE Record, the state of the CVE Record is Published.", + "properties": { + "containers": { + "description": "A set of structures (called containers) used to store vulnerability information related to a specific CVE ID provided by a specific organization participating in the CVE program. Each container includes information provided by a different source.\n\nAt minimum, a 'cna' container containing the vulnerability information provided by the CNA who initially assigned the CVE ID must be included.\n\nThere can only be one 'cna' container, as there can only be one assigning CNA. However, there can be multiple 'adp' containers, allowing multiple organizations participating in the CVE program to add additional information related to the vulnerability. For the most part, the 'cna' and 'adp' containers contain the same properties. The main differences are the source of the information and the 'cna' container requires the CNA include certain fields, while the 'adp' container does not.", + "type": "object", + "properties": { + "cna": { + "$ref": "#/definitions/cnaPublishedContainer" + } + }, + "required": [ + "cna" + ], + "additionalProperties": false } } - ] + } + ] } \ No newline at end of file