-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathknown_exploited_vulnerabilities_schema.json
98 lines (98 loc) · 3.33 KB
/
known_exploited_vulnerabilities_schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
{
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"title": "CISA Catalog of Known Exploited Vulnerabilities",
"description": "A catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"properties": {
"catalogVersion": {
"description": "Version of the known exploited vulnerabilities catalog",
"type": "string"
},
"dateReleased": {
"description": "Date-time of Catalog Release in the format YYYY-MM-DDTHH:mm:ss.sssZ",
"type": "string",
"format": "date-time"
},
"count": {
"description": "Total number of Known Exploited Vulnerabilities in the catalog",
"type": "integer"
},
"vulnerabilities": {
"description": "The exploited vulnerabilities included in this catalog",
"type": "array",
"items": {
"$ref": "#/$defs/vulnerability"
}
}
},
"required": ["catalogVersion", "dateReleased", "count", "vulnerabilities"],
"$defs": {
"vulnerability": {
"type": "object",
"properties": {
"cveID": {
"description": "The CVE ID of the vulnerability in the format CVE-YYYY-NNNN, note that the number portion can have more than 4 digits",
"type": "string",
"pattern": "^CVE-[0-9]{4}-[0-9]{4,19}$"
},
"vendorProject": {
"description": "The vendor or project name for the vulnerability",
"type": "string"
},
"product": {
"description": "The vulnerability product",
"type": "string"
},
"vulnerabilityName": {
"description": "The name of the vulnerability",
"type": "string"
},
"dateAdded": {
"description": "The date the vulnerability was added to the catalog in the format YYYY-MM-DD",
"type": "string",
"format": "date"
},
"shortDescription": {
"description": "A short description of the vulnerability",
"type": "string"
},
"requiredAction": {
"description": "The required action to address the vulnerability",
"type": "string"
},
"dueDate": {
"description": "The date the required action is due in the format YYYY-MM-DD",
"type": "string",
"format": "date"
},
"knownRansomwareCampaignUse": {
"description": "'Known' if this vulnerability is known to have been leveraged as part of a ransomware campaign; 'Unknown' if CISA lacks confirmation that the vulnerability has been utilized for ransomware",
"type": "string"
},
"notes": {
"description": "Any additional notes about the vulnerability",
"type": "string"
},
"cwes": {
"description": "Common Weakness Enumeration (CWE) codes associated with this vulnerability. CWEs are in the format CWE-NNNN; note that the number portion can have any number of digits",
"type": "array",
"items": {
"type": "string",
"pattern": "^CWE-([0-9])+$"
}
}
},
"required": [
"cveID",
"vendorProject",
"product",
"vulnerabilityName",
"dateAdded",
"shortDescription",
"requiredAction",
"dueDate"
]
}
}
}