Access complexity: how difficult is it for the attacker to leverage the vulnerability?
- None (user visits page)
- Basic or routine (user must follow specific path)
- Complex or highly specific (multi-step, unintuitive process with high number of dependencies)
Authentication: what privilege level is required for an exploit to be successful?
- None (all/anonymous users)
- User-level access (basic/commonly assigned permissions)
- Administrator (broad permissions required where “restrict access” is set to false)
Confidentiality impact: does this vulnerability cause non-public data to be accessible?
- All non-public data is accessible
- Certain non-public data is released
- No confidentiality impact
Integrity impact: can this exploit allow system data (or data handled by the system) to be compromised?
- All data can be modified or deleted
- Some data can be modified
- Data integrity remains intact
Zero-day impact: does a known exploit exist?
- Exploit exists (documented or deployed exploit code already in the wild)
- Proof of concept exists (documented methods for developing exploit exist in the wild)
- Theoretical or white-hat (no public exploit code or documentation on development exists)
Target distribution: what percentage of module users are affected?
- All module configurations are exploitable
- Default or common module configurations are exploitable, but a config change can disable the exploit
- Only uncommon module configurations are exploitable