path: root/app/assets/javascripts/helpers/cve_id_request_helper.js
blob: 71d3fd4c4fef3040d0b91cf86be2a65b351db03a (plain)
/**
 * Builds the Markdown text used as the body of a CVE ID request issue.
 *
 * The returned string contains a reference to the originating issue, a
 * publishing-schedule checklist, a YAML template whose "TODO" fields the
 * requester fills in, and trailing `/relate` and `/label` lines.
 *
 * NOTE(review): `fullPath` and `iid` are interpolated verbatim, with no
 * escaping, into three contexts: Markdown prose, a double-quoted YAML scalar
 * (`gitlab_path`), and the `/relate` line. A `"` or `\` in `fullPath` would
 * corrupt the YAML block, and a line break would start a new line in the
 * body, next to lines that are presumably interpreted as quick actions.
 * Callers should only pass values that have already been validated as a
 * project path and an issue number; confirm this at the call sites.
 *
 * @param {string} fullPath - Presumably the project's full path (type not
 *   enforced here); used in the issue reference and as `gitlab_path`.
 * @param {number|string} iid - Presumably the issue's internal ID; appended
 *   after `#` to form the issue reference.
 * @returns {string} The issue body. It ends with a newline followed by two
 *   spaces, because the template's closing backtick is indented.
 */
export function createCveIdRequestIssueBody(fullPath, iid) {
  // The same reference appears in the "Project issue" line and the /relate line.
  const issueReference = `${fullPath}#${iid}`;

  const issueBody = `### Vulnerability Submission

**NOTE:** Only maintainers of GitLab-hosted projects may request a CVE for
a vulnerability within their project.

Project issue: ${issueReference}

#### Publishing Schedule

After a CVE request is validated, a CVE identifier will be assigned. On what
schedule should the details of the CVE be published?

* [ ] Publish immediately
* [ ] Wait to publish

<!--
Please fill out the yaml codeblock below
-->

\`\`\`yaml
reporter:
  name: "TODO" # "First Last"
  email: "TODO" # "email@domain.tld"
vulnerability:
  description: "TODO" # "[VULNTYPE] in [COMPONENT] in [VENDOR][PRODUCT] [VERSION] allows [ATTACKER] to [IMPACT] via [VECTOR]"
  cwe: "TODO" # "CWE-22" # Path Traversal
  product:
    gitlab_path: "${fullPath}"
    vendor: "TODO" # "Deluxe Sandwich Maker Company"
    name: "TODO" # "Deluxe Sandwich Maker 2"
    affected_versions:
      - "TODO" # "1.2.3"
      - "TODO" # ">1.3.0, <=1.3.9"
    fixed_versions:
      - "TODO" # "1.2.4"
      - "TODO" # "1.3.10"
  impact: "TODO" # "CVSS v3 string" # https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
  solution: "TODO" # "Upgrade to version 1.2.4 or 1.3.10"
  credit: "TODO"
  references:
    - "TODO" # "https://some.domain.tld/a/reference"
\`\`\`

CVSS scores can be computed by means of the [NVD CVSS Calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).

/relate ${issueReference}
/label ~"devops::secure" ~"group::vulnerability research" ~"vulnerability research::cve" ~"advisory::queued"
  `;

  return issueBody;
}