-
-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update CVSS Scoring to CVSS 4 #484
Comments
https://www.first.org/cvss/v4-0/
Might be a waste of someones time until its official. |
@Xitro01 in the example you brought, the vulnerable system is the DB as it's the one directly impacted by your payload. Thus the I agree that the new way of identifying Subsequent Systems takes a bit to get used to. 🙂 What helped me are the new examples provided at https://www.first.org/cvss/v4.0/examples. |
For the example I gave: fair enough. Yet, looking at the examples at first.org: if you ask me it doesn't really add much. Just a slightly different way to calculate the value. There are just a few exotic vulnerabilities which make use of the subsequent metrics, for most the "Changed/Unchanged" value would have sufficed. Anyways, hopefully it will still be release optional. That will ease the migration towards 4.0, as our database has over 200 findings with CVSS 3.1. Just need to slightly adjust our report template so that the new CVSS 4.0 string will fit and that's it. |
Recently, CVSS 4 scoring was released. It adds a certain number of metrics in addition to CVSS 3.1 and which are relevant.
Would it be possible to add CVSS 4 scoring in pwndoc?
Thanks
The text was updated successfully, but these errors were encountered: