Class: Google::Cloud::OsConfig::V1::CVSSv3

Inherits:

Object

• Object
• Google::Cloud::OsConfig::V1::CVSSv3

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/osconfig/v1/vulnerability.rb

Overview

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Defined Under Namespace

Modules: AttackComplexity, AttackVector, Impact, PrivilegesRequired, Scope, UserInteraction

Instance Attribute Summary

• #attack_complexity ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::AttackComplexity

  This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

• #attack_vector ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::AttackVector

  This metric reflects the context by which vulnerability exploitation is possible.

• #availability_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

  This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

• #base_score ⇒ ::Float

  The base score is a function of the base metric scores.

• #confidentiality_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

  This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

• #exploitability_score ⇒ ::Float

  The Exploitability sub-score equation is derived from the Base Exploitability metrics.

• #impact_score ⇒ ::Float

  The Impact sub-score equation is derived from the Base Impact metrics.

• #integrity_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

  This metric measures the impact to integrity of a successfully exploited vulnerability.

• #privileges_required ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::PrivilegesRequired

  This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

• #scope ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Scope

  The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

• #user_interaction ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::UserInteraction

  This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Instance Attribute Details

#attack_complexity ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::AttackComplexity

Returns This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::AttackComplexity) —

  This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#attack_vector ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::AttackVector

Returns This metric reflects the context by which vulnerability exploitation is possible.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::AttackVector) —

  This metric reflects the context by which vulnerability exploitation is possible.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#availability_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

Returns This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::Impact) —

  This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#base_score ⇒ ::Float

Returns The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics.

Returns:

• (::Float) —

  The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#confidentiality_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

Returns This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::Impact) —

  This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#exploitability_score ⇒ ::Float

Returns The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics.

Returns:

• (::Float) —

  The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#impact_score ⇒ ::Float

Returns The Impact sub-score equation is derived from the Base Impact metrics.

Returns:

• (::Float) —

  The Impact sub-score equation is derived from the Base Impact metrics.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#integrity_impact ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Impact

Returns This metric measures the impact to integrity of a successfully exploited vulnerability.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::Impact) —

  This metric measures the impact to integrity of a successfully exploited vulnerability.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#privileges_required ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::PrivilegesRequired

Returns This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::PrivilegesRequired) —

  This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#scope ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::Scope

Returns The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::Scope) —

  The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end

#user_interaction ⇒ ::Google::Cloud::OsConfig::V1::CVSSv3::UserInteraction

Returns This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Returns:

• (::Google::Cloud::OsConfig::V1::CVSSv3::UserInteraction) —

  This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

# File 'proto_docs/google/cloud/osconfig/v1/vulnerability.rb', line 256

class CVSSv3
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # This metric reflects the context by which vulnerability exploitation is
  # possible.
  module AttackVector
    # Invalid value.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The vulnerable component is bound to the network stack and the set of
    # possible attackers extends beyond the other options listed below, up to
    # and including the entire Internet.
    ATTACK_VECTOR_NETWORK = 1

    # The vulnerable component is bound to the network stack, but the attack is
    # limited at the protocol level to a logically adjacent topology.
    ATTACK_VECTOR_ADJACENT = 2

    # The vulnerable component is not bound to the network stack and the
    # attacker's path is via read/write/execute capabilities.
    ATTACK_VECTOR_LOCAL = 3

    # The attack requires the attacker to physically touch or manipulate the
    # vulnerable component.
    ATTACK_VECTOR_PHYSICAL = 4
  end

  # This metric describes the conditions beyond the attacker's control that
  # must exist in order to exploit the vulnerability.
  module AttackComplexity
    # Invalid value.
    ATTACK_COMPLEXITY_UNSPECIFIED = 0

    # Specialized access conditions or extenuating circumstances do not exist.
    # An attacker can expect repeatable success when attacking the vulnerable
    # component.
    ATTACK_COMPLEXITY_LOW = 1

    # A successful attack depends on conditions beyond the attacker's control.
    # That is, a successful attack cannot be accomplished at will, but requires
    # the attacker to invest in some measurable amount of effort in preparation
    # or execution against the vulnerable component before a successful attack
    # can be expected.
    ATTACK_COMPLEXITY_HIGH = 2
  end

  # This metric describes the level of privileges an attacker must possess
  # before successfully exploiting the vulnerability.
  module PrivilegesRequired
    # Invalid value.
    PRIVILEGES_REQUIRED_UNSPECIFIED = 0

    # The attacker is unauthorized prior to attack, and therefore does not
    # require any access to settings or files of the vulnerable system to
    # carry out an attack.
    PRIVILEGES_REQUIRED_NONE = 1

    # The attacker requires privileges that provide basic user capabilities
    # that could normally affect only settings and files owned by a user.
    # Alternatively, an attacker with Low privileges has the ability to access
    # only non-sensitive resources.
    PRIVILEGES_REQUIRED_LOW = 2

    # The attacker requires privileges that provide significant (e.g.,
    # administrative) control over the vulnerable component allowing access to
    # component-wide settings and files.
    PRIVILEGES_REQUIRED_HIGH = 3
  end

  # This metric captures the requirement for a human user, other than the
  # attacker, to participate in the successful compromise of the vulnerable
  # component.
  module UserInteraction
    # Invalid value.
    USER_INTERACTION_UNSPECIFIED = 0

    # The vulnerable system can be exploited without interaction from any user.
    USER_INTERACTION_NONE = 1

    # Successful exploitation of this vulnerability requires a user to take
    # some action before the vulnerability can be exploited.
    USER_INTERACTION_REQUIRED = 2
  end

  # The Scope metric captures whether a vulnerability in one vulnerable
  # component impacts resources in components beyond its security scope.
  module Scope
    # Invalid value.
    SCOPE_UNSPECIFIED = 0

    # An exploited vulnerability can only affect resources managed by the same
    # security authority.
    SCOPE_UNCHANGED = 1

    # An exploited vulnerability can affect resources beyond the security scope
    # managed by the security authority of the vulnerable component.
    SCOPE_CHANGED = 2
  end

  # The Impact metrics capture the effects of a successfully exploited
  # vulnerability on the component that suffers the worst outcome that is most
  # directly and predictably associated with the attack.
  module Impact
    # Invalid value.
    IMPACT_UNSPECIFIED = 0

    # High impact.
    IMPACT_HIGH = 1

    # Low impact.
    IMPACT_LOW = 2

    # No impact.
    IMPACT_NONE = 3
  end
end