From 1cbccdce3cf728cdcd1a34f428492e9e6d00b3fc Mon Sep 17 00:00:00 2001 From: martindg <4148719+martindg@users.noreply.github.com> Date: Thu, 28 Aug 2025 18:26:36 +0300 Subject: [PATCH] Minor improvements --- trainingportal/static/lessons/cvss/cvss_1_intro.md | 4 +++- .../static/lessons/cvss/cvss_3_score_1.sol.md | 2 +- .../static/lessons/cvss/definitions.json | 14 +++++++------- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/trainingportal/static/lessons/cvss/cvss_1_intro.md b/trainingportal/static/lessons/cvss/cvss_1_intro.md index 2448bd8..8ae7763 100644 --- a/trainingportal/static/lessons/cvss/cvss_1_intro.md +++ b/trainingportal/static/lessons/cvss/cvss_1_intro.md @@ -150,6 +150,8 @@ CVSS Base metrics go into 2 broad categories: - [regreSSHion CVE-2024-6387](https://www.first.org/cvss/v4-0/examples#regreSSHion-CVE-2024-6387) - Attackers must defeat memory safety defenses in order to achieve code execution +**NOTE**: It is important to note that Attack Complexity is **not** related to exploit complexity. A proof-of-concept for exploiting a vulnerability may be a sophisticated piece of code itself, but that does not necessarily have effect on the Attack Complexity metric. You should ask not "How hard would it be for someone to design the exploit code?", but instead ask "How hard would it be for someone having access to the exploit code to overcome the security conditions in order for this attack to work?" + #### [Attack Requirements (AT)](https://www.first.org/cvss/v4-0/specification-document#Attack-Requirements-AT) - **Question**: Are there any non-security-specific conditions that need to be overcome? 
@@ -226,7 +228,7 @@ Impact is only measured in terms of what is gained by exploiting a vulnerability CVSS v4 introduces separate impact scores for the Vulnerable (`V`) system and Subsequent (`S`) systems (previously in CVSS v3 this used to be marked by a Scope (`S`) metric). -The CVSS documentation includes a [User Guide](https://www.first.org/cvss/v4-0/user-guide#Vulnerable-System-and-Subsequent-System) with some examples on scope scoring. +The CVSS documentation includes a [CVSS User Guide](https://www.first.org/cvss/v4-0/user-guide#Vulnerable-System-and-Subsequent-System) with some examples on scope scoring. Examples of change of scope (vulnerable to subsequent) for impact: diff --git a/trainingportal/static/lessons/cvss/cvss_3_score_1.sol.md b/trainingportal/static/lessons/cvss/cvss_3_score_1.sol.md index 72db721..79ba72a 100644 --- a/trainingportal/static/lessons/cvss/cvss_3_score_1.sol.md +++ b/trainingportal/static/lessons/cvss/cvss_3_score_1.sol.md @@ -3,7 +3,7 @@ High-level analysis: - Prerequisites: - None - Impact: - - Some limited amount data is exposed + - Some limited amount of data is exposed --- diff --git a/trainingportal/static/lessons/cvss/definitions.json b/trainingportal/static/lessons/cvss/definitions.json index ab53d6a..e218ce5 100644 --- a/trainingportal/static/lessons/cvss/definitions.json +++ b/trainingportal/static/lessons/cvss/definitions.json @@ -65,7 +65,7 @@ "description": "cvss_3_score_1.md", "solution": "cvss_3_score_1.sol.md", "type":"quiz", - "mission":"Enter the CVSS v4 string (Base Score)", + "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator", "codeBlockIds":[] }, { 
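Review bot: The new `mission` text in the `definitions.json` hunk at old line 65, repeated verbatim in the six later hunks at old lines 74 to 119, no longer tells the learner that only Base metrics are expected, which the removed "(Base Score)" wording at least hinted at. The vector copied from the calculator also carries any Threat, Environmental or Supplemental metric the learner has set (for example a trailing `/E:A`), so an answer with correct Base values could presumably be rejected. The answer-checking code is not part of this patch, so confirm how it compares the string. I would end the sentence with `... in the CVSS calculator. Set Base metrics only.",` in all seven entries. The quiz objects start above each hunk, so their `id` and `name` fields are not visible here.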
@@ -74,7 +74,7 @@
 "description": "cvss_4_score_2.md",
 "solution": "cvss_4_score_2.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 },
 {
@@ -83,7 +83,7 @@
 "description": "cvss_5_chain.md",
 "solution": "cvss_5_chain.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 },
 {
@@ -92,7 +92,7 @@
 "description": "cvss_6_score_3.md",
 "solution": "cvss_6_score_3.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 },
 {
@@ -101,7 +101,7 @@
 "description": "cvss_7_score_4.md",
 "solution": "cvss_7_score_4.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 },
 {
@@ -110,7 +110,7 @@
 "description": "cvss_8_score_5.md",
 "solution": "cvss_8_score_5.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 },
 {
@@ -119,7 +119,7 @@
 "description": "cvss_9_score_6.md",
 "solution": "cvss_9_score_6.sol.md",
 "type":"quiz",
- "mission":"Enter the CVSS v4 string (Base Score)",
+ "mission":"Enter the CVSS v4 Vector string (i.e. CVSS:4.0/AV:x/AC:x/AT:x/PR:x/UI:x/VC:x/VI:x/VA:x/SC:x/SI:x/SA:x) which can be copied by clicking on the green CVSS Vector box in the CVSS calculator",
 "codeBlockIds":[]
 }
 ]