I spend a lot of my time manually assigning and publishing CVEs

Open JamieSlome opened this issue 3 years ago • 15 comments

From an operational perspective, I spend a lot of time responding to requests to assign and publish CVEs against reports that have not automatically received one. Typically, the researcher requests one, and I need to get confirmation that the maintainer is happy to assign and publish a CVE. Less frequently, the maintainer gets in touch asking for a CVE to be assigned and published.

This is all orchestrated via the usage of @admin.

It would be great to come up with a way to automate this via the platform, i.e. allowing the researcher to request a CVE directly from the maintainer, or allowing the maintainer to themselves assign and publish the CVE.

Mar 04 '22 11:03 JamieSlome

Reference

Screenshot 2022-03-06 at 09 05 29

Mar 06 '22 09:03 JamieSlome

Reference: https://www.huntr.dev/bounties/cc3080e6-2f94-4f69-b558-db3b8ec7bd21/

Screenshot 2022-03-07 at 10 25 20

Mar 07 '22 10:03 JamieSlome

A few more...

https://huntr.dev/bounties/bd2fb1f1-cc8b-4ef7-8e2b-4ca686d8d614/
https://huntr.dev/bounties/49940dd2-72c2-4607-857a-1fade7e8f080/
https://huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324/

It would be nice if there were a checkbox / button to "Issue" a CVE for the "smaller" but eligible projects (distributed via npm, apt or Packagist and so on) that are too small for auto "generation" of CVEs.

Mar 07 '22 10:03 jaapmarcus

Reference:

https://www.huntr.dev/bounties/44d40f34-c391-40c0-a517-12a2c0258149

Screenshot 2022-03-08 at 13 28 42

Mar 08 '22 13:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/708971a6-1e6c-4c51-a411-255caeba51df

Screenshot 2022-03-09 at 14 57 20

Mar 09 '22 14:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5

Screenshot 2022-03-10 at 16 56 43

Mar 10 '22 16:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/88ae4cbc-c697-401b-8b04-7dc4e03ad8eb

Screenshot 2022-03-11 at 10 31 01

Mar 11 '22 10:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/3cbbccbe-8d77-40ec-8efd-f0ca588787fa/

Screenshot 2022-03-14 at 11 24 21

Mar 14 '22 11:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/57635c78-303f-412f-b75a-623df9fa9edd/

Screenshot 2022-03-15 at 11 19 49

Mar 15 '22 11:03 JamieSlome

At the same time, please also consider automation of the "Publishing" of the CVE after it has been "issued" / patched.

Mar 16 '22 09:03 jaapmarcus

Reference:

https://www.huntr.dev/bounties/b13a9ee0-a0bc-4548-93c0-a9c0a305ea9a/

Screenshot 2022-03-16 at 10 34 16

Mar 16 '22 10:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/880d1171-3f82-490f-9a69-90324832dcbc/

Screenshot 2022-03-16 at 10 38 15

Mar 16 '22 10:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b/

Screenshot 2022-03-18 at 14 16 07

Mar 18 '22 14:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902/

Screenshot 2022-03-20 at 06 52 37

Mar 20 '22 06:03 JamieSlome

Reference:

https://www.huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826/

Screenshot 2022-03-21 at 11 13 01

Mar 21 '22 11:03 JamieSlome