Class CVSSv3 (1.16.0)

CVSSv3(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Attributes

NameDescription
base_score float
The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics
exploitability_score float
The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
impact_score float
The Impact sub-score equation is derived from the Base Impact metrics.
attack_vector google.cloud.osconfig_v1alpha.types.CVSSv3.AttackVector
This metric reflects the context by which vulnerability exploitation is possible.
attack_complexity google.cloud.osconfig_v1alpha.types.CVSSv3.AttackComplexity
This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
privileges_required google.cloud.osconfig_v1alpha.types.CVSSv3.PrivilegesRequired
This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
user_interaction google.cloud.osconfig_v1alpha.types.CVSSv3.UserInteraction
This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
scope google.cloud.osconfig_v1alpha.types.CVSSv3.Scope
The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
confidentiality_impact google.cloud.osconfig_v1alpha.types.CVSSv3.Impact
This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
integrity_impact google.cloud.osconfig_v1alpha.types.CVSSv3.Impact
This metric measures the impact to integrity of a successfully exploited vulnerability.
availability_impact google.cloud.osconfig_v1alpha.types.CVSSv3.Impact
This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.

Classes

AttackComplexity

AttackComplexity(value)

This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

Values: ATTACK_COMPLEXITY_UNSPECIFIED (0): Invalid value. ATTACK_COMPLEXITY_LOW (1): Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. ATTACK_COMPLEXITY_HIGH (2): A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

AttackVector

AttackVector(value)

This metric reflects the context by which vulnerability exploitation is possible.

Values: ATTACK_VECTOR_UNSPECIFIED (0): Invalid value. ATTACK_VECTOR_NETWORK (1): The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. ATTACK_VECTOR_ADJACENT (2): The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. ATTACK_VECTOR_LOCAL (3): The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. ATTACK_VECTOR_PHYSICAL (4): The attack requires the attacker to physically touch or manipulate the vulnerable component.

Impact

Impact(value)

The Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack.

Values: IMPACT_UNSPECIFIED (0): Invalid value. IMPACT_HIGH (1): High impact. IMPACT_LOW (2): Low impact. IMPACT_NONE (3): No impact.

PrivilegesRequired

PrivilegesRequired(value)

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

Values: PRIVILEGES_REQUIRED_UNSPECIFIED (0): Invalid value. PRIVILEGES_REQUIRED_NONE (1): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW (2): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH (3): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.

Scope

Scope(value)

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

Values: SCOPE_UNSPECIFIED (0): Invalid value. SCOPE_UNCHANGED (1): An exploited vulnerability can only affect resources managed by the same security authority. SCOPE_CHANGED (2): An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component.

UserInteraction

UserInteraction(value)

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Values: USER_INTERACTION_UNSPECIFIED (0): Invalid value. USER_INTERACTION_NONE (1): The vulnerable system can be exploited without interaction from any user. USER_INTERACTION_REQUIRED (2): Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.