CVSS Score 2

martindg · martindg · commit 3e1016c9d97e · 2025-08-28T10:59:47.000+03:00
diff --git a/trainingportal/qna.js b/trainingportal/qna.js
@@ -235,6 +235,10 @@ let cvss_score_1 = () => {
   return {"digest": getDigest("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N")};
 }
 
+let cvss_score_2 = () => {
+  return {"digest": getDigest("CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N")};
+}
+
 const DEFS = {
   "crypto_caesar": caesarEnc,
   "crypto_vigenere": vigenereEnc,
@@ -244,7 +248,8 @@ const DEFS = {
   "crypto_xor": xorEnc,
   "crypto_pbk": pbkEnc,
   "crypto_analysis": analysisEnc,
-  "cvss_score_1": cvss_score_1
+  "cvss_score_1": cvss_score_1,
+  "cvss_score_2": cvss_score_2
 }
 
 module.exports = {
diff --git a/trainingportal/static/lessons/cvss/cvss_score_2.md b/trainingportal/static/lessons/cvss/cvss_score_2.md
@@ -0,0 +1,7 @@
+### Task
+
+Score the following scenario using the CVSS v4.0 calculator [https://www.first.org/cvss/calculator/4-0](https://www.first.org/cvss/calculator/4-0).
+
+### Scenario
+
+A malicious SaaS user with knowledge of another user’s unique 128-bit userid, can read all the information (e.g. details, activity, messages) for that user through an Authorization bypass in the API.
diff --git a/trainingportal/static/lessons/cvss/cvss_score_2.sol.md b/trainingportal/static/lessons/cvss/cvss_score_2.sol.md
@@ -0,0 +1,11 @@
+- Attack Vector (AV): Network (N)
+- Attack Complexity (AC): High (H)
+- Attack Requirements (AT): None (N)
+- Privileges Required (PR): Low (L)
+- User Interaction (UI): None (N)
+- Vulnerable System Confidentiality (VC): High (H)
+- Vulnerable System Integrity (VI): None (N)
+- Vulnerable System Availability (VA): None (N)
+- Subsequent System Confidentiality (SC): None (N)
+- Subsequent System Integrity (SI): None (N)
+- Subsequent System Availability (SA): None (N)
diff --git a/trainingportal/static/lessons/cvss/definitions.json b/trainingportal/static/lessons/cvss/definitions.json
@@ -67,6 +67,15 @@
                 "type":"quiz",
                 "mission":"Enter the CVSS v4 string (Base Score)",
                 "codeBlockIds":[]
+            },
+            {
+                "id":"cvss_score_2",
+                "name":"Score Vulnerability 2",
+                "description": "cvss_score_2.md",
+                "solution": "cvss_score_2.sol.md",
+                "type":"quiz",
+                "mission":"Enter the CVSS v4 string (Base Score)",
+                "codeBlockIds":[]
             }
         ]
     }

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,15 @@`
`67`	`67`	`"type":"quiz",`
`68`	`68`	`"mission":"Enter the CVSS v4 string (Base Score)",`
`69`	`69`	`"codeBlockIds":[]`
	`70`	`+ },`
	`71`	`+ {`
	`72`	`+ "id":"cvss_score_2",`
	`73`	`+ "name":"Score Vulnerability 2",`
	`74`	`+ "description": "cvss_score_2.md",`
	`75`	`+ "solution": "cvss_score_2.sol.md",`
	`76`	`+ "type":"quiz",`
	`77`	`+ "mission":"Enter the CVSS v4 string (Base Score)",`
	`78`	`+ "codeBlockIds":[]`
`70`	`79`	`}`
`71`	`80`	`]`
`72`	`81`	`}`