CVSS Score 1

Author: martindg

trainingportal/qna.js

@@ -231,6 +231,10 @@ let analysisEnc = (mes) => {
   return getRes(goldenKey, cipher);
 }
 
+let cvss_score_1 = () => {
+  return {"digest": getDigest("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N")};
+}
+
 const DEFS = {
   "crypto_caesar": caesarEnc,
   "crypto_vigenere": vigenereEnc,
@@ -239,7 +243,8 @@ const DEFS = {
   "crypto_hash": hashEnc,
   "crypto_xor": xorEnc,
   "crypto_pbk": pbkEnc,
-  "crypto_analysis": analysisEnc
+  "crypto_analysis": analysisEnc,
+  "cvss_score_1": cvss_score_1
 }
 
 module.exports = {

trainingportal/static/lessons/cvss/cvss_score_1.md

@@ -0,0 +1,7 @@
+### Task
+
+Score the following scenario using the CVSS v4.0 calculator [https://www.first.org/cvss/calculator/4-0](https://www.first.org/cvss/calculator/4-0).
+
+### Scenario
+
+Unauthenticated attacker can list registered users of a SaaS offering.

trainingportal/static/lessons/cvss/cvss_score_1.sol.md

@@ -0,0 +1,11 @@
+- Attack Vector (AV): Network (N)
+- Attack Complexity (AC): Low (L)
+- Attack Requirements (AT): None (N)
+- Privileges Required (PR): None (N)
+- User Interaction (UI): None (N)
+- Vulnerable System Confidentiality (VC): Low (L)
+- Vulnerable System Integrity (VI): None (N)
+- Vulnerable System Availability (VA): None (N)
+- Subsequent System Confidentiality (SC): None (N)
+- Subsequent System Integrity (SI): None (N)
+- Subsequent System Availability (SA): None (N)

trainingportal/static/lessons/cvss/definitions.json

@@ -58,6 +58,15 @@
                 ],
                 "answer":"5",
                 "codeBlockIds":[]
+            },
+            {
+                "id":"cvss_score_1",
+                "name":"Score Vulnerability 1",
+                "description": "cvss_score_1.md",
+                "solution": "cvss_score_1.sol.md",
+                "type":"quiz",
+                "mission":"Enter the CVSS v4 string (Base Score)",
+                "codeBlockIds":[]
             }
         ]
     }