v1.3
Available on Bugcrowd here: https://bugcrowd.com/vulnerability-rating-taxonomy/1.3
Added
- insecure_data_transport.cleartext_transmission_of_sensitive_data
- broken_access_control
- broken_access_control.idor
- mobile_security_misconfiguration.tapjacking
- server_security_misconfiguration.misconfigured_dns.missing_caa_record
- mapping of VRT to CVSS V3
- server_security_misconfiguration.bitsquatting
Removed
- missing_function_level_access_control
- insecure_direct_object_references_idor
Changed
- missing_function_level_access_control.server_side_request_forgery_ssrf moved via category change to broken_access_control.server_side_request_forgery_ssrf
- missing_function_level_access_control.server_side_request_forgery_ssrf.internal moved via category change to broken_access_control.server_side_request_forgery_ssrf.internal
- missing_function_level_access_control.server_side_request_forgery_ssrf.external moved via category change to broken_access_control.server_side_request_forgery_ssrf.external
- missing_function_level_access_control.username_enumeration moved via category change to broken_access_control.username_enumeration
- missing_function_level_access_control.username_enumeration.data_leak moved via category change to broken_access_control.username_enumeration.data_leak
- missing_function_level_access_control.exposed_sensitive_android_intent moved via category change to broken_access_control.exposed_sensitive_android_intent
- missing_function_level_access_control.exposed_sensitive_ios_url_scheme moved via category change to broken_access_control.exposed_sensitive_ios_url_scheme
- cross_site_request_forgery_csrf.application_wide name changed from Applicaton-Wide to Application-Wide