add_cverequires reporter permissions, but does not perform any further checks when attempting to merge with an existing CVE. This allows reporters a limited amount of control over CVEs for which advisories were already created, which should be denied by using user_can_edit_issue like edit_cve does.
add_cve
requires reporter permissions, but does not perform any further checks when attempting to merge with an existing CVE. This allows reporters a limited amount of control over CVEs for which advisories were already created, which should be denied by usinguser_can_edit_issue
likeedit_cve
does.