Add high-level analysis to solutions

Author: martindg

trainingportal/static/lessons/cvss/cvss_3_score_1.sol.md

@@ -1,3 +1,12 @@
+High-level analysis:
+
+- Prerequisites:
+    - None
+- Impact:
+    - Some limited amount data is exposed
+
+---
+
 - Attack Vector (AV): Network (N)
 - Attack Complexity (AC): Low (L)
 - Attack Requirements (AT): None (N)

trainingportal/static/lessons/cvss/cvss_4_score_2.sol.md

@@ -1,3 +1,13 @@
+High-level analysis:
+
+- Prerequisites:
+    - Knowledge of a 128-bit userid of a victim
+    - Valid login session
+- Impact:
+    - Full impact on all information related to the user, including sensitive data
+
+---
+
 - Attack Vector (AV): Network (N)
 - Attack Complexity (AC): High (H)
 - Attack Requirements (AT): None (N)

trainingportal/static/lessons/cvss/cvss_5_chain.sol.md

@@ -1,9 +1,17 @@
+High-level analysis:
+
+- Prerequisites:
+    - Previous prerequisite of "Knowledge of a 128-bit userid of a victim" is now easily satisfied by Vulnerability 1
+    - Valid login session
+- Impact:
+    - Full impact on all information related to **any** user, including sensitive data
+
+---
+
 - Attack Vector: Network (N)
 - Attack Complexity: Low (L)
-    - The requirement on knowing the unique userid is still present, however vulnerability 1 allows the attacker to easily obtain these for all users.
 - Attack Requirements: None (N)
 - Privileges Required: Low (L)
-    - The attacker still needs to be authenticated user in order to perform the second part of the attack i.e. obtain sensitive data.
 - User Interaction: None (N)
 - Vulnerable System Confidentiality: High (H)
 - Vulnerable System Integrity: None (N)