search_api_fulltext links might be confusing - Githubissues

cisagov / vulnrichment

A repo to conduct vulnerability enrichment.

Creative Commons Zero v1.0 Universal

399 stars 29 forks source link

search_api_fulltext links might be confusing #82

Open ElectricNroff opened 5 days ago

ElectricNroff commented 5 days ago

https://github.com/cisagov/vulnrichment/blob/6a33bf2996451d4f5ebadba4d04509d7d4f3f70b/2023/38xxx/CVE-2023-38831.json#L113 Suppose that I wish to quickly check whether CVE-2023-38831 is used in ransomware campaigns. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38831 leads to a page on which the information about CVE-2024-29988 is shown at the top. To interpret the information correctly, I need to:

realize that, unlike for about 90% of KEV entries, this KEV link is intended to show multiple search results
believe that the statement "This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file" means that adversaries who take advantage of this chaining apparently aren't trying to deliver ransomware
understand that, if I choose to click on CVE-2023-38831 within the https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38831 page, it will not go back to the CVE page about CVE-2023-38831 (which is probably where I came from) and instead will go to the NVD page about CVE-2023-38831
avoid being misled by the https://nvd.nist.gov/vuln/detail/CVE-2023-38831 user experience, where the statement "NVD Analysts have not published a CVSS score for this CVE at this time" actually means "NVD Analysts have not published a CVSS 4.0 score for this CVE at this time."

In other words, if the www.cisa.gov website allowed you to link to something like https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38831&show_this_one_first=CVE-2023-38831&link_entries_to_cve_rather_than_nvd=true then the data-integration experience might be better for many users.

jwoytek-cisa commented 5 days ago

@ElectricNroff Thanks for the suggestion! There is currently no way to link directly to an entry in the KEV (at least as of the last time I tried), so this is about as close as we can get right now. Perhaps @todb-cisa can help get us a direct link capability?