Commit f5d7cde5 authored by Wayne Beaton

Update cve.md

parent ba26be62
...@@ -8,31 +8,43 @@ Note that a vulnerability does not need to actually be resolved before it is rep ...@@ -8,31 +8,43 @@ Note that a vulnerability does not need to actually be resolved before it is rep
You can delete the comments (or not). You can delete the comments (or not).
--> -->
## Project The Eclipse Foundation is a [Common Vulnerabilities and Exposures](https://cve.mitre.org/) (CVE) Numbering Authority. This issue it used to request and track the progress of the assignment of a CVE for a vulnerability in the project code for an Eclipse open source project.
<!-- <!--
Required. Specify the project's name (e.g., "Eclipse Dash") and Eclipse Foundation ID, e.g., "technology.dash". Required. Specify the project's name (e.g., "Eclipse Dash") and Eclipse Foundation ID, e.g., "technology.dash".
--> -->
## Versions Affected ## Basic information
**Project name:** {name}
**Project id:** {id}
<!-- <!--
Required. Specify the version range as precisely as possible, e.g., "[3.0, 3.5.1]" or "[3.0, 3.5.1)". Required. Specify the version range as precisely as possible, e.g., "[3.0, 3.5.1]" or "[3.0, 3.5.1)". Note that using the standard range notion, square brackets are inclusive (i.e., that version is included in the range), and round brakets are exclusive (the vulnerability affects all versions up to but not including the named version).
Multiple ranges can be provided.
--> -->
## Common Weakness Enumeration **Versions: affected:** {versions}
<!-- <!--
Required. The Common Weakness Enumeration (CWE) code comes from here: https://cwe.mitre.org/, e.g., "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')". Multiple codes can be provided. Required. The Common Weakness Enumeration (CWE) code comes from here: https://cwe.mitre.org/, e.g., "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')". Multiple codes can be provided.
--> -->
## Common Vulnerability Scoring System **Common Weakness Enumeration:**
- {[cwe1](https://cwe.mitre.org/)}
- {[cwe2](https://cwe.mitre.org/)}
- ...
<!-- <!--
Optional. Provide a Common Vulnerability Scoring System (CVSS). There's help here: https://nvd.nist.gov/vuln-metrics/cvss Optional. Provide a Common Vulnerability Scoring System (CVSS). Note that if you do not provide this, then some agencies (eg. NIST) will compute it on the project's behalf. Please be sure to include the CVSS version number, e.g., "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H".
There's help here: https://nvd.nist.gov/vuln-metrics/cvss
--> -->
## Summary **Common Vulnerability Scoring System:** {[cvss](https://nvd.nist.gov/vuln-metrics/cvss)}
<!-- <!--
Required. The summary should start with the name of the project, e.g., "Eclipse Vert.x", then a description of the affected versions, followed by a description of the problem. The summary should be concise. For example, Required. The summary should start with the name of the project, e.g., "Eclipse Vert.x", then a description of the affected versions, followed by a description of the problem. The summary should be concise. For example,
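Review bot: The added introductory paragraph and the extended version-range comment contain typos that will appear in every issue created from this template: "This issue it used to request" should read "is used", "standard range notion" should be "notation", and "round brakets" should be "brackets". The new field label "**Versions: affected:**" has a stray colon after "Versions"; "**Versions affected:**" would match the heading it replaces. The CVSS example "3.1/AV:N/AC:L/..." asks for the version number but drops the "CVSS:" prefix that a v3.1 vector string normally starts with, so consider writing the example as "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" so reporters paste the vector in its standard form.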
...@@ -43,16 +55,34 @@ Required. The summary should start with the name of the project, e.g., "Eclipse ...@@ -43,16 +55,34 @@ Required. The summary should start with the name of the project, e.g., "Eclipse
to inject a new header in the client request or server response." to inject a new header in the client request or server response."
--> -->
## Links **Summary:**
In {name} versions {versions}, ...
<!-- <!--
Required. Include a link to the issue that's being used to track/resolve the issue. Other links that provide more information can be provided. Required. Include a link to the issue (e.g., GitHub Security Advisory) that's being used to track/resolve the issue. Other links that provide more information can be provided.
--> -->
**Links:**
- {primary resolution link} - {primary resolution link}
## Tracking
This section will completed by the **project team**.
- [ ] We're ready for this issue to be reported to the central authority (i.e., make this public)
- [ ] (Optional) The GitHub Security Advisory is ready to be published now
This section will be completed by the **EMO**.
**CVE:** {cve}
- [ ] CVE Assigned
- [ ] Pushed to Mitre
- [ ] Accepted by Mitre
<!-- Quick actions will configure the state of the issue. Leave these. --> <!-- Quick actions will configure the state of the issue. Leave these. -->
/title "CVE Assignment Request"
/confidential /confidential
/label ~"CVE Assignment" /label ~"CVE Assignment"
/assign @wbeaton /assign @wbeaton
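Review bot: In the new Tracking section, "This section will completed by the **project team**" is missing "be"; the EMO line a few lines below has the correct wording. The first checkbox is the disclosure trigger for an issue that the quick actions mark as /confidential, so it is worth stating what "make this public" covers (the CVE record, this issue, or both) and who acts once the box is ticked, so a project team does not tick it before the fix is available. Minor style point: "Mitre" in the two EMO checkboxes is normally written "MITRE".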