Class: Google::Cloud::SecurityCenter::V1::Cve

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/securitycenter/v1/vulnerability.rb

Overview

CVE stands for Common Vulnerabilities and Exposures. Information from the CVE record that describes this vulnerability.

Defined Under Namespace

Modules: ExploitationActivity, RiskRating

Instance Attribute Summary collapse

Instance Attribute Details

#cvssv3::Google::Cloud::SecurityCenter::V1::Cvssv3

Returns Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document.

Returns:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#exploit_release_date::Google::Protobuf::Timestamp

Returns Date the first publicly available exploit or PoC was released.

Returns:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#exploitation_activity::Google::Cloud::SecurityCenter::V1::Cve::ExploitationActivity

Returns The exploitation activity of the vulnerability in the wild.

Returns:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#id::String

Returns The unique identifier for the vulnerability. e.g. CVE-2021-34527.

Returns:

  • (::String)

    The unique identifier for the vulnerability. e.g. CVE-2021-34527



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#impact::Google::Cloud::SecurityCenter::V1::Cve::RiskRating

Returns The potential impact of the vulnerability if it was to be exploited.

Returns:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#observed_in_the_wild::Boolean

Returns Whether or not the vulnerability has been observed in the wild.

Returns:

  • (::Boolean)

    Whether or not the vulnerability has been observed in the wild.



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#references::Array<::Google::Cloud::SecurityCenter::V1::Reference>

Returns Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.

Returns:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#upstream_fix_available::Boolean

Returns Whether upstream fix is available for the CVE.

Returns:

  • (::Boolean)

    Whether upstream fix is available for the CVE.



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end

#zero_day::Boolean

Returns Whether or not the vulnerability was zero day when the finding was published.

Returns:

  • (::Boolean)

    Whether or not the vulnerability was zero day when the finding was published.



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'proto_docs/google/cloud/securitycenter/v1/vulnerability.rb', line 77

class Cve
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # The possible values of impact of the vulnerability if it was to be
  # exploited.
  module RiskRating
    # Invalid or empty value.
    RISK_RATING_UNSPECIFIED = 0

    # Exploitation would have little to no security impact.
    LOW = 1

    # Exploitation would enable attackers to perform activities, or could allow
    # attackers to have a direct impact, but would require additional steps.
    MEDIUM = 2

    # Exploitation would enable attackers to have a notable direct impact
    # without needing to overcome any major mitigating factors.
    HIGH = 3

    # Exploitation would fundamentally undermine the security of affected
    # systems, enable actors to perform significant attacks with minimal
    # effort, with little to no mitigating factors to overcome.
    CRITICAL = 4
  end

  # The possible values of exploitation activity of the vulnerability in the
  # wild.
  module ExploitationActivity
    # Invalid or empty value.
    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0

    # Exploitation has been reported or confirmed to widely occur.
    WIDE = 1

    # Limited reported or confirmed exploitation activities.
    CONFIRMED = 2

    # Exploit is publicly available.
    AVAILABLE = 3

    # No known exploitation activity, but has a high potential for
    # exploitation.
    ANTICIPATED = 4

    # No known exploitation activity.
    NO_KNOWN = 5
  end
end