Laporan

REPORT TEMPLATE :

• Type of vulnerability , CVSS V3 SCORE

  1. • • A classification of the type of vulnerability being reported, such as Use After Free, Cross-Site Scripting, and so on. For examples of vulnerability types, it may be helpful to refer to https://nvd.nist.gov/vuln/categories.  

• Affected component (name, version)

  1. • • The component or service that is affected by the vulnerability. This should include the component’s name and any relevant version information.  

• Affected target environment (type, version)

  1. • • The target environment that is affected by the vulnerability, such as the operating system or application that is affected. This should include a description of the target environment, including its name and any relevant version information. 

• Vulnerability reproduction output (debugger output, screenshot, etc)

  1. • • The output from a successful reproduction of the vulnerability. This could consist of debugger output, a screenshot, a video, or some other format that demonstrates a reproduction of the issue. More detailed information like debugger output is preferred. 

• Proof-of-concept

A proof-of-concept that reproduces the vulnerability automatically (e.g. with code) when applicable. This proof-of-concept should: 

• Work with minimal or no system modifications

• Be minimized; there should be no redundant or irrelevant instructions

• Reproduce reliably within a reasonable period of time

• Detailed & correct analysis 

  1. • • This analysis should correctly describe how each part of the proof-of-concept affects the target in terms of triggering the vulnerability. In addition, the analysis should include information about how timing, environment, or other constraints affect successfully triggering the vulnerability. This analysis should also describe the root cause of the vulnerability, to the degree possible. 

• 1. • Mitigation and confirming the closures