Comments (3)
@zmanion - that seems a correct summary.
CVE Services allows updating CVE Records from REJECTED to PUBLISHED.
However, Vulnogram does not allow it in at least one use case:
- From the displayed list of the user's REJECTED CVE Records,
- Select an existing REJECTED CVE ID to prepopulate the data fields
- Attempting to update will result in error
Workaround described by zmanion above.
from vulnogram.
RESERVED -> REJECTED is permitted by Services and supported by Vulnogram. Such an ID cannot be un-REJECTED or, at least using Vulnogram, Services returns CVE_RECORD_DNE. It is not possible to modify the Record ("Rejected Reason"), there is no Record at all (Services returns 404 for the /cve/ endpoint).
https://cveawg-test.mitre.org/api/cve/CVE-2024-20642
PUBLISHED -> REJECTED is permitted by Services and supported by Vulnogram. Such an ID/Record can be un-REJECTED. In Vulnogram, you need to create a new record, re-populate it, and publish.
So, I now dont' think this is a bug in Vulnogram, and probably doesn't require any action or change to Vulnogram.
Loading a REJECTED (but previously published) Record can only possiby load the current Record data, which includes the rejectedReasons element.
from vulnogram.
OK, maybe an enhancement then.
In the view of Rejected IDs, indicate which exist as Records (had previously been Published), and provide an "unreject" or "re-edit" button or icon (maybe a green check mark in the Actions column).
On click, load a new (CNA container) editor screen (equivalent to clicking the NEW button) with the (rejected, about to be republished) CVE-ID populated.
from vulnogram.
Related Issues (20)
- Improve clarity of "Public At" input field to prevent accidental publishing d/t "scheduling" assumption HOT 1
- List of CAPEC impacts may be outdated HOT 1
- CVE-2023-37466 (Critical) detected in vm2-3.9.14.tgz
- CVE-2023-37903 (Critical) detected in vm2-3.9.14.tgz
- CVE-2023-32313 (Medium) detected in vm2-3.9.14.tgz
- CVE-2023-45857 (Medium) detected in axios-0.21.4.tgz
- CVE-2023-32314 (Critical) detected in vm2-3.9.14.tgz
- CVE-2023-3696 (Critical) detected in mongoose-6.10.0.tgz
- Ability to reserve CVE for the prior year HOT 2
- Timeout for the CVE Portal Login doesn't always work.
- Update Preview tab to show the preview as on https://www.cve.org/CVERecord HOT 1
- CVE-Portal: Prevent CNA admins from locking themselves
- CVE-2023-26115 (High) detected in word-wrap-1.2.3.tgz
- CVE-2023-26159 (Medium) detected in follow-redirects-1.15.2.tgz
- CVE-2023-42282 (Critical) detected in ip-1.1.8.tgz, ip-2.0.0.tgz
- CVE-2022-25883 (High) detected in multiple libraries
- Embed an AJV validator for latest CNA container sub-schema validation prior to submission
- Post to CVE.org button at bottom of Test Portal Editor tab HOT 1
- Test portal record successfully created link goes to production CVE page HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulnogram.