PII-leakage-update

mappings/cvss_v3/cvss_v3.json

@@ -420,6 +420,10 @@
               "id": "for_publicly_accessible_asset",
               "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
             },
+            {
+              "id": "pii_leakage_exposure",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+            },
             {
               "id": "for_internal_asset",
               "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
@@ -904,7 +908,7 @@
           "id": "infotainment_radio_head_unit",
           "children": [
             {
-              "id": "pii_leakage",
+              "id": "sensitive_data_leakage_exposure",
               "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
             },
             {

mappings/cwe/cwe.json

@@ -227,48 +227,54 @@
         }
       ]
     },
+{
+  "id": "sensitive_data_exposure",
+  "cwe": ["CWE-934"],
+  "children": [
     {
-      "id": "sensitive_data_exposure",
-      "cwe": ["CWE-934"],
+      "id": "disclosure_of_secrets",
       "children": [
         {
-          "id": "disclosure_of_secrets",
-          "cwe": ["CWE-522"]
-        },
-        {
-          "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
-          "cwe": ["CWE-200"]
-        },
-        {
-          "id": "visible_detailed_error_page",
-          "cwe": ["CWE-209", "CWE-215"]
-        },
-        {
-          "id": "disclosure_of_known_public_information",
-          "cwe": ["CWE-200"]
-        },
-        {
-          "id": "token_leakage_via_referer",
+          "id": "pii_leakage_exposure",
           "cwe": ["CWE-200"]
-        },
-        {
-          "id": "sensitive_token_in_url",
-          "cwe": ["CWE-200"]
-        },
-        {
-          "id": "non_sensitive_token_in_url",
-          "cwe": ["CWE-200"]
-        },
-        {
-          "id": "weak_password_reset_implementation",
-          "cwe": ["CWE-640"]
-        },
-        {
-          "id": "via_localstorage_sessionstorage",
-          "cwe": ["CWE-922"]
         }
       ]
     },
+    {
+      "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
+      "cwe": ["CWE-200"]
+    },
+    {
+      "id": "visible_detailed_error_page",
+      "cwe": ["CWE-209", "CWE-215"]
+    },
+    {
+      "id": "disclosure_of_known_public_information",
+      "cwe": ["CWE-200"]
+    },
+    {
+      "id": "token_leakage_via_referer",
+      "cwe": ["CWE-200"]
+    },
+    {
+      "id": "sensitive_token_in_url",
+      "cwe": ["CWE-200"]
+    },
+    {
+      "id": "non_sensitive_token_in_url",
+      "cwe": ["CWE-200"]
+    },
+    {
+      "id": "weak_password_reset_implementation",
+      "cwe": ["CWE-640"]
+    },
+    {
+      "id": "via_localstorage_sessionstorage",
+      "cwe": ["CWE-922"]
+    }
+  ]
+}
+,
     {
       "id": "cross_site_scripting_xss",
       "cwe": ["CWE-79"]

mappings/remediation_advice/remediation_advice.json

@@ -1267,8 +1267,8 @@
           "id": "infotainment_radio_head_unit",
           "children": [
             {
-              "id": "pii_leakage",
-              "remediation_advice": "Do not store PII such as call logs, text messages, and contact lists or names as plaintext in the infotainment system.",
+              "id": "sensitive_data_leakage_exposure",
+              "remediation_advice": "Do not store sensitive data such as call logs, text messages, and contact lists or names as plaintext in the infotainment system.",
               "references": [
                 "https://www.prnewswire.com/news-releases/carsblues-vehicle-hack-exploits-vehicle-infotainment-systems-allowing-access-to-call-logs-text-messages-and-more-300751244.html"
               ]

third-party-mappings/remediation_training/secure-code-warrior-links.json

@@ -132,8 +132,10 @@
   "broken_authentication_and_session_management.weak_registration_implementation.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_registration_implementation:over_http&redirect=true",
   "sensitive_data_exposure": null,
   "sensitive_data_exposure.disclosure_of_secrets": null,
+  "sensitive_data_exposure.pii_leakage_exposure": null,
   "sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset": null,
-  "sensitive_data_exposure.disclosure_of_secrets.for_internal_asset": null,
+  "sensitive_data_exposure.disclosure_of_secrets.pii_leakage_exposure": null,
+  "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
   "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
   "sensitive_data_exposure.disclosure_of_secrets.intentionally_public_sample_or_invalid": null,
   "sensitive_data_exposure.disclosure_of_secrets.data_traffic_spam": null,
@@ -306,7 +308,7 @@
   "client_side_injection.binary_planting.no_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:no_privilege_escalation&redirect=true",
   "automotive_security_misconfiguration": null,
   "automotive_security_misconfiguration.infotainment_radio_head_unit": null,
-  "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": null,
+  "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure": null,
   "automotive_security_misconfiguration.infotainment_radio_head_unit.ota_firmware_manipulation": null,
   "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot": null,
   "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot": null,

vulnerability-rating-taxonomy.json

@@ -834,6 +834,12 @@
               "type": "variant",
               "priority": 1
             },
+            {
+              "id": "pii_leakage_exposure",
+              "name": "PII Leakage/Exposure",
+              "type": "variant",
+              "priority": null
+            },
             {
               "id": "for_internal_asset",
               "name": "For Internal Asset",
@@ -1923,8 +1929,8 @@
           "type": "subcategory",
           "children": [
             {
-              "id": "pii_leakage",
-              "name": "PII Leakage",
+              "id": "sensitive_data_leakage_exposure",
+              "name": "Sensitive data Leakage/Exposure",
               "type": "variant",
               "priority": 1
             },