The Bugcrowd VRT variant Automotive Security Misconfiguration > Infotainment, Radio Head Unit > PII Leakage has been brought up on occasion, as the variant is not used properly due to the terminology of the submission title. We have seen PII leakage being miscategorised due to the term PII inside of its name.
We want to provide a solution to this which gives people an option to categorise their submissions properly. This would be a new category called PII Leakage/Exposure, with the intent that a researcher would select this submission when they identify information such as exposed data for a user or group where a class such as IDOR does not match the way this information was identified.
Recommendations
Update the title of the variant Automotive Security Misconfiguration > Infotainment, Radio Head Unit > PII Leakage to Sensitive Data Leakage. (This is a temporary measure until the Automotive Security Misconfiguration can properly be overhauled)
Create a new variant under Sensitive Data Exposure called PII Leakage/Exposure which has the impact of Varies.