CVSS

Common Vulnerability Scoring System. For details, see https://www.first.org/cvss/specification-document This is a message we will try to use for storing various versions of CVSS rather than making a separate proto for storing a specific version.

JSON representation
{
  "baseScore": number,
  "exploitabilityScore": number,
  "impactScore": number,
  "attackVector": enum (AttackVector),
  "attackComplexity": enum (AttackComplexity),
  "authentication": enum (Authentication),
  "privilegesRequired": enum (PrivilegesRequired),
  "userInteraction": enum (UserInteraction),
  "scope": enum (Scope),
  "confidentialityImpact": enum (Impact),
  "integrityImpact": enum (Impact),
  "availabilityImpact": enum (Impact)
}
Fields
baseScore

number

The base score is a function of the base metric scores.

exploitabilityScore

number

impactScore

number

attackVector

enum (AttackVector)

Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.

attackComplexity

enum (AttackComplexity)

authentication

enum (Authentication)

privilegesRequired

enum (PrivilegesRequired)

userInteraction

enum (UserInteraction)

scope

enum (Scope)

confidentialityImpact

enum (Impact)

integrityImpact

enum (Impact)

availabilityImpact

enum (Impact)

AttackVector

Enums
ATTACK_VECTOR_UNSPECIFIED
ATTACK_VECTOR_NETWORK
ATTACK_VECTOR_ADJACENT
ATTACK_VECTOR_LOCAL
ATTACK_VECTOR_PHYSICAL

AttackComplexity

Enums
ATTACK_COMPLEXITY_UNSPECIFIED
ATTACK_COMPLEXITY_LOW
ATTACK_COMPLEXITY_HIGH
ATTACK_COMPLEXITY_MEDIUM

Authentication

Enums
AUTHENTICATION_UNSPECIFIED
AUTHENTICATION_MULTIPLE
AUTHENTICATION_SINGLE
AUTHENTICATION_NONE

PrivilegesRequired

Enums
PRIVILEGES_REQUIRED_UNSPECIFIED
PRIVILEGES_REQUIRED_NONE
PRIVILEGES_REQUIRED_LOW
PRIVILEGES_REQUIRED_HIGH

UserInteraction

Enums
USER_INTERACTION_UNSPECIFIED
USER_INTERACTION_NONE
USER_INTERACTION_REQUIRED

Scope

Enums
SCOPE_UNSPECIFIED
SCOPE_UNCHANGED
SCOPE_CHANGED

Impact

Enums
IMPACT_UNSPECIFIED
IMPACT_HIGH
IMPACT_LOW
IMPACT_NONE
IMPACT_PARTIAL
IMPACT_COMPLETE