gitlab-org--gitlab-foss/app/assets/javascripts/helpers/cve_id_request_helper.js

50 lines
1.5 KiB
JavaScript

export function createCveIdRequestIssueBody(fullPath, iid) {
return `### Vulnerability Submission
**NOTE:** Only maintainers of GitLab-hosted projects may request a CVE for
a vulnerability within their project.
Project issue: ${fullPath}#${iid}
#### Publishing Schedule
After a CVE request is validated, a CVE identifier will be assigned. On what
schedule should the details of the CVE be published?
* [ ] Publish immediately
* [ ] Wait to publish
<!--
Please fill out the yaml codeblock below
-->
\`\`\`yaml
reporter:
name: "TODO" # "First Last"
email: "TODO" # "email@domain.tld"
vulnerability:
description: "TODO" # "[VULNTYPE] in [COMPONENT] in [VENDOR][PRODUCT] [VERSION] allows [ATTACKER] to [IMPACT] via [VECTOR]"
cwe: "TODO" # "CWE-22" # Path Traversal
product:
gitlab_path: "${fullPath}"
vendor: "TODO" # "Deluxe Sandwich Maker Company"
name: "TODO" # "Deluxe Sandwich Maker 2"
affected_versions:
- "TODO" # "1.2.3"
- "TODO" # ">1.3.0, <=1.3.9"
fixed_versions:
- "TODO" # "1.2.4"
- "TODO" # "1.3.10"
impact: "TODO" # "CVSS v3 string" # https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
solution: "TODO" # "Upgrade to version 1.2.4 or 1.3.10"
credit: "TODO"
references:
- "TODO" # "https://some.domain.tld/a/reference"
\`\`\`
CVSS scores can be computed by means of the [NVD CVSS Calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).
/relate ${fullPath}#${iid}
/label ~"devops::secure" ~"group::vulnerability research" ~"vulnerability research::cve" ~"advisory::queued"
`;
}