Embargoed CVE assignments
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This repo is OBSOLETE

This data will now be mrged into the regular cvelist repo, so this repo is not needed and will be deleted once the docs are merged.


CVE JSON files can have a special RESERVED substate called "EMBARGOED", this state is special in that the RESERVED:EMBARGOED CVE entries can have (at a minimum, in the "CVE_data_meta" container):

  1. CVE
  2. Assigner (can be parent CNA)
  5. embargoed_encrypted_data (base64 encoded GPG encrypted data)
  6. embargoed_encrypted_metadata (base64 encoded GPG encrypted data)

Please note that you can encrypt the data to multiple people when using GPG, longer term the hope is to have a group of people, or ideally an automated system that can unencrypt and commit now public CVEs to the database to minimize delay between a CVE being public and the publishing of said CVE in the MITRE CVE database.

The description container is the usual "This CVE is reserved blah blah"

Some examples are in the https://github.com/distributedweaknessfiling/cvelist-embargoed/tree/master/2018/1000xxx directory (please note they may be gone by the time you read this, just look at commit a597c391c1847af313a29aaab86f036056eab89a).