CVSS Score 3

Author: martindg

trainingportal/qna.js

@@ -243,6 +243,9 @@ let cvss_5_chain = () => {
   return {"digest": getDigest("CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N")};
 }
 
+let cvss_6_score_3 = () => {
+  return {"digest": getDigest("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N")};
+}
 const DEFS = {
   "crypto_caesar": caesarEnc,
   "crypto_vigenere": vigenereEnc,
@@ -254,7 +257,8 @@ const DEFS = {
   "crypto_analysis": analysisEnc,
   "cvss_3_score_1": cvss_3_score_1,
   "cvss_4_score_2": cvss_4_score_2,
-  "cvss_5_chain": cvss_5_chain
+  "cvss_5_chain": cvss_5_chain,
+  "cvss_6_score_3": cvss_6_score_3
 }
 
 module.exports = {

trainingportal/static/lessons/cvss/cvss_6_score_3.md

@@ -0,0 +1,21 @@
+### Task
+
+Score the following scenario using the CVSS v4.0 calculator [https://www.first.org/cvss/calculator/4-0](https://www.first.org/cvss/calculator/4-0).
+
+<br><br>
+
+### Scenario
+
+The company "PCGamingCompany.insecure.example" offers computer games to its customers. The service offers an easy sign up for new customers.
+
+From a technical standpoint, they have a web client and a desktop client. In order for customers to play games, they have to download the desktop client and log into their account.
+
+<br><br>
+
+#### Vulnerability
+
+An authenticated attacker can leverage an Authorization bypass in the API and see all the games owned by a particular user.
+
+**Note:** For this example we can assume that userids are easily guessable. This is an issue on its own, but is out of scope for this example.
+
+<br><br>

trainingportal/static/lessons/cvss/cvss_6_score_3.sol.md

@@ -0,0 +1,22 @@
+High-level analysis:
+
+- Prerequisites:
+    - None. Even if from technical point of view the API does require authentication, it is easy for an attacker to obtain a normal account and leverage that. Per the [CVSS Specification](https://www.first.org/cvss/v4-0/specification-document#Privileges-Required-PR): "Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack".
+- Impact:
+    - Some non-sensitive data are exposed
+
+---
+
+CVSS:
+
+- Attack Vector: Network (N)
+- Attack Complexity: Low (L)
+- Attack Requirements: None (N)
+- Privileges Required: None (N)
+- User Interaction: None (N)
+- Vulnerable SystemConfidentiality: Low (L)
+- Vulnerable System Integrity: None (N)
+- Vulnerable System Availability: None (N)
+- Subsequent System Confidentiality: None (N)
+- Subsequent System Integrity: None (N)
+- Subsequent System Availability: None (N)

trainingportal/static/lessons/cvss/definitions.json

@@ -85,6 +85,15 @@
                 "type":"quiz",
                 "mission":"Enter the CVSS v4 string (Base Score)",
                 "codeBlockIds":[]
+            },
+            {
+                "id":"cvss_6_score_3",
+                "name":"Score Vulnerability 3",
+                "description": "cvss_6_score_3.md",
+                "solution": "cvss_6_score_3.sol.md",
+                "type":"quiz",
+                "mission":"Enter the CVSS v4 string (Base Score)",
+                "codeBlockIds":[]
             }
         ]
     }