Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVSS3 Score of a vulnerability can be empty at creation but display error if empty at edition #5586

Closed
Archidoit opened this issue Jan 18, 2024 · 5 comments · Fixed by #5606
Closed

CVSS3 Score of a vulnerability can be empty at creation but display error if empty at edition #5586

Archidoit opened this issue Jan 18, 2024 · 5 comments · Fixed by #5606
Assignees
@Archidoit
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 5.12.21

Comments

@Archidoit
Copy link
Member

Go to a vulnerability overview.
Click on the 'edit' button.
Go to the 'details' tab.
Add or change the 'CVSS3 - Severity' field.
An error occurs for the field 'CVSS3 - Score' but you can update the vulnerability and you can create a vulnerability with this field empty.
image
@Archidoit Archidoit added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 18, 2024
@Archidoit Archidoit changed the title CVSS3 Score of a vulnerability can be empty at creation but display error at edition CVSS3 Score of a vulnerability can be empty at creation but display error if empty at edition Jan 18, 2024
@nino-filigran nino-filigran removed the needs triage use to identify issue needing triage from Filigran Product team label Jan 19, 2024
@nino-filigran
Copy link

To add more details, I reproduce this bug, but the error message appears and stays something like 1 second.

@Archidoit Archidoit self-assigned this Jan 19, 2024
@Archidoit
Copy link
Member Author

@nino-filigran @Jipegien do we want to make the field CVSS3-Score mandatory or not?

@nino-filigran
Copy link

@Archidoit not it's not!

@Archidoit
Copy link
Member Author

@nino-filigran By default, at a vulnerability creation, the score value is set to 1. Do we want to keep this?
image

@nino-filigran
Copy link

what @Jipegien explained to me is that bascially it's better if a vulnerability has a score but it should not be blocking. I assume that is the reason why we put a default scor?
e. If we say that the score is not mandatory, my opinion on this topic would be that we should not pre-fill it. @Jipegien ok with this?

Archidoit added a commit that referenced this issue Jan 19, 2024
@Archidoit
[frontend] Vulnerability CVSS3-Score not mandatory (#5586)
62cbc6a
@Archidoit Archidoit mentioned this issue Jan 19, 2024
Merged
@Archidoit Archidoit linked a pull request Jan 19, 2024 that will close this issue
[frontend] Vulnerability CVSS3-Score not mandatory (#5586) #5606
Merged
@SamuelHassine SamuelHassine added this to the Release 5.12.21 milestone Jan 19, 2024
SamuelHassine pushed a commit that referenced this issue Jan 19, 2024
@Archidoit
[frontend] Vulnerability CVSS3-Score not mandatory (#5586)
34d258d
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jan 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Archidoit Archidoit

Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 5.12.21
Development

Successfully merging a pull request may close this issue.

[frontend] Vulnerability CVSS3-Score not mandatory (#5586) OpenCTI-Platform/opencti
3 participants
@SamuelHassine @Archidoit @nino-filigran