CVSSv3(mapping=None, *, ignore_unknown_fields=False, **kwargs)
Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document
Attributes | |
---|---|
Name | Description |
base_score |
float
The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics |
exploitability_score |
float
The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics |
impact_score |
float
The Impact sub-score equation is derived from the Base Impact metrics. |
attack_vector |
google.cloud.osconfig_v1.types.CVSSv3.AttackVector
This metric reflects the context by which vulnerability exploitation is possible. |
attack_complexity |
google.cloud.osconfig_v1.types.CVSSv3.AttackComplexity
This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. |
privileges_required |
google.cloud.osconfig_v1.types.CVSSv3.PrivilegesRequired
This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. |
user_interaction |
google.cloud.osconfig_v1.types.CVSSv3.UserInteraction
This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. |
scope |
google.cloud.osconfig_v1.types.CVSSv3.Scope
The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. |
confidentiality_impact |
google.cloud.osconfig_v1.types.CVSSv3.Impact
This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. |
integrity_impact |
google.cloud.osconfig_v1.types.CVSSv3.Impact
This metric measures the impact to integrity of a successfully exploited vulnerability. |
availability_impact |
google.cloud.osconfig_v1.types.CVSSv3.Impact
This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. |
Classes
AttackComplexity
AttackComplexity(value)
This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
Values: ATTACK_COMPLEXITY_UNSPECIFIED (0): Invalid value. ATTACK_COMPLEXITY_LOW (1): Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. ATTACK_COMPLEXITY_HIGH (2): A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.
AttackVector
AttackVector(value)
This metric reflects the context by which vulnerability exploitation is possible.
Values: ATTACK_VECTOR_UNSPECIFIED (0): Invalid value. ATTACK_VECTOR_NETWORK (1): The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. ATTACK_VECTOR_ADJACENT (2): The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. ATTACK_VECTOR_LOCAL (3): The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. ATTACK_VECTOR_PHYSICAL (4): The attack requires the attacker to physically touch or manipulate the vulnerable component.
Impact
Impact(value)
The Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack.
Values: IMPACT_UNSPECIFIED (0): Invalid value. IMPACT_HIGH (1): High impact. IMPACT_LOW (2): Low impact. IMPACT_NONE (3): No impact.
PrivilegesRequired
PrivilegesRequired(value)
This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
Values: PRIVILEGES_REQUIRED_UNSPECIFIED (0): Invalid value. PRIVILEGES_REQUIRED_NONE (1): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW (2): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH (3): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.
Scope
Scope(value)
The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
Values: SCOPE_UNSPECIFIED (0): Invalid value. SCOPE_UNCHANGED (1): An exploited vulnerability can only affect resources managed by the same security authority. SCOPE_CHANGED (2): An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component.
UserInteraction
UserInteraction(value)
This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
Values: USER_INTERACTION_UNSPECIFIED (0): Invalid value. USER_INTERACTION_NONE (1): The vulnerable system can be exploited without interaction from any user. USER_INTERACTION_REQUIRED (2): Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.