You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A vulnerability is considered medium or higher severity if its Common Vulnerability Scoring System (CVSS) base qualitative score is medium or higher. In CVSS versions 2.0 through 3.1, this is equivalent to a CVSS score of 4.0 or higher.
This is partially invalid, as the rating capability came in CVSS v3.0 and remains since (in CVSS v4.0 the same scale will exist).
For CVSS v2, the concept of rating came from the NVD as part of their effort to publish and document vulnerabilities with a simple scale, but it as never been officially approved by the FIRST.ORG SIG CVSS.
I don't really know how to change those details, but think it would avoid invalid informations to spread around the community.
Best regards :)
The text was updated successfully, but these errors were encountered:
Hey, SIG CVSS member and github.com/pandatix/go-cvss maintainer.
While looking at the vulnerabilities_fixed_60_days details I though there should be improvements.
This is partially invalid, as the rating capability came in CVSS v3.0 and remains since (in CVSS v4.0 the same scale will exist).
For CVSS v2, the concept of rating came from the NVD as part of their effort to publish and document vulnerabilities with a simple scale, but it as never been officially approved by the FIRST.ORG SIG CVSS.
I don't really know how to change those details, but think it would avoid invalid informations to spread around the community.
Best regards :)
The text was updated successfully, but these errors were encountered: