AI entries revised #464

Merged: 10 commits, Jun 20, 2025

Conversation

TimmyBugcrowd
Contributor

Adding:
P1 - AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation
P1 - AI Application Security - Model Extraction - API Query-Based Model Reconstruction
P1 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure
P1 - AI Application Security - Sensitive Information Disclosure - Key Leak
P1 - AI Application Security - Remote Code Execution - Full System Compromise
P2 - AI Application Security - Remote Code Execution - Sandboxed Container Code Execution
P2 - AI Application Security - Prompt Injection - System Prompt Leakage
P2 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction
P3 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing
P2 - AI Application Security - Denial-of-Service (DoS) - Application-Wide
P4 - AI Application Security - AI Safety - Misinformation / Wrong Factual Data
P4 - AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse
P4 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped
P4 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks
P3 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS)
P4 - AI Application Security - Improper Output Handling - Markdown/HTML Injection
P5 - AI Application Security - Improper Input Handling - ANSI Escape Codes
P5 - AI Application Security - Improper Input Handling - Unicode Confusables
P5 - AI Application Security - Improper Input Handling - RTL Overrides

Removing:
P1 - AI Application Security - Large Language Model (LLM) Security - LLM Output Handling
P1 - AI Application Security - Large Language Model (LLM) Security - Prompt Injection
P1 - AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning
P2 - AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation

Adding:
P1 - AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation
P1 - AI Application Security - Model Extraction - API Query-Based Model Reconstruction
P1 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure
P1 - AI Application Security - Remote Code Execution - Full System Compromise
P1 - AI Application Security - Sensitive Information Disclosure - Key Leak
P2 - AI Application Security - Remote Code Execution - Sandboxed Container Code Execution
P2 - AI Application Security - Prompt Injection - System Prompt Leakage
P2 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction
P2 - AI Application Security - Denial-of-Service (DoS) - Application-Wide
P3 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing
P3 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS)
P4 - AI Application Security - Improper Output Handling - Markdown/HTML Injection
P4 - AI Application Security - AI Safety - Misinformation / Wrong Factual Data
P4 - AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse
P4 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped
P4 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks
P5 - AI Application Security - Improper Input Handling - ANSI Escape Codes
P5 - AI Application Security - Improper Input Handling - Unicode Confusables
P5 - AI Application Security - Improper Input Handling - RTL Overrides
RRudder added a commit to bugcrowd/templates that referenced this pull request Jun 2, 2025
These updates are to match the VRT update - bugcrowd/vulnerability-rating-taxonomy#464

Adding:
P1 - AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation
P1 - AI Application Security - Model Extraction - API Query-Based Model Reconstruction
P1 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure
P1 - AI Application Security - Sensitive Information Disclosure - Key Leak
P1 - AI Application Security - Remote Code Execution - Full System Compromise
P2 - AI Application Security - Remote Code Execution - Sandboxed Container Code Execution
P2 - AI Application Security - Prompt Injection - System Prompt Leakage
P2 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction
P3 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing
P2 - AI Application Security - Denial-of-Service (DoS) - Application-Wide
P4 - AI Application Security - AI Safety - Misinformation / Wrong Factual Data
P4 - AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse
P4 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped
P4 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks
P3 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS)
P4 - AI Application Security - Improper Output Handling - Markdown/HTML Injection
P5 - AI Application Security - Improper Input Handling - ANSI Escape Codes
P5 - AI Application Security - Improper Input Handling - Unicode Confusables
P5 - AI Application Security - Improper Input Handling - RTL Overrides

Removing:
P1 - AI Application Security - Large Language Model (LLM) Security - LLM Output Handling
P1 - AI Application Security - Large Language Model (LLM) Security - Prompt Injection
P1 - AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning
P2 - AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation
@abhinav-nain abhinav-nain changed the base branch from master to q2-25-release-mapping June 20, 2025 08:57
@abhinav-nain abhinav-nain merged commit 2bbf360 into q2-25-release-mapping Jun 20, 2025
3 checks passed
@abhinav-nain abhinav-nain deleted the q2-25-release-AI branch June 20, 2025 08:57
nnons pushed a commit that referenced this pull request Jun 20, 2025
* GraphQL Introspection Enabled - P5

#450

* Bypass of Password Confirmation on Password Change

Add:
Broken Access Control – Bypass of Password Confirmation – Change Password

* Revert "Bypass of Password Confirmation on Password Change"

This reverts commit a6e415a.

* Bypass of Password Confirmation on Password Change

Add:
Broken Access Control – Bypass of Password Confirmation – Change Password

* Revert "Bypass of Password Confirmation on Password Change"

This reverts commit 3418212.

* Broken Access Control (BAC) - Bypass of Password Confirmation - Change Password (#462)

* Revert "Bypass of Password Confirmation on Password Change"

This reverts commit 3418212.

* Bypass of Password Confirmation on Password Change

Add:
Broken Access Control – Bypass of Password Confirmation – Change Password

* AI entries revised (#464)

* AI entries revised

Adding:
P1 - AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation
P1 - AI Application Security - Model Extraction - API Query-Based Model Reconstruction
P1 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure
P1 - AI Application Security - Remote Code Execution - Full System Compromise
P1 - AI Application Security - Sensitive Information Disclosure - Key Leak
P2 - AI Application Security - Remote Code Execution - Sandboxed Container Code Execution
P2 - AI Application Security - Prompt Injection - System Prompt Leakage
P2 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction
P2 - AI Application Security - Denial-of-Service (DoS) - Application-Wide
P3 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing
P3 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS)
P4 - AI Application Security - Improper Output Handling - Markdown/HTML Injection
P4 - AI Application Security - AI Safety - Misinformation / Wrong Factual Data
P4 - AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse
P4 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped
P4 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks
P5 - AI Application Security - Improper Input Handling - ANSI Escape Codes
P5 - AI Application Security - Improper Input Handling - Unicode Confusables
P5 - AI Application Security - Improper Input Handling - RTL Overrides

* Update vulnerability-rating-taxonomy.json

* Fixing errors

* Fixing errors2

* Update vulnerability-rating-taxonomy.json

* Update vulnerability-rating-taxonomy.json

* Update vulnerability-rating-taxonomy.json

* Update vulnerability-rating-taxonomy.json

* Update vulnerability-rating-taxonomy.json

* Update cvss_v3.json

* Fixed deprecated node mapping (#457)

* Updated varies to default and removed redundant entries (#461)

* Updated varies to default and removed redundant entries

* Reverting some changes

---------

Co-authored-by: Abhinav Nain <abhinav.nain@bugcrowd.com>

* Final Changes - Adding Changelog + deprecated-node-mappings + ALL JSON Sorting + SCW

---------

Co-authored-by: SamAtBugcrowd <100110742+SamAtBugcrowd@users.noreply.github.com>
Co-authored-by: Abhinav Nain <abhinav.nain@bugcrowd.com>