Closed jesajx closed 3 years ago
Yes, this is a known issue. We have as our plan to re-design the automatic vulnerabilities. When this is done, this property will be properly taken into account. A temporary fix, until the above one happens, is currently being considered and could be implemented.
Some work to fix this, but only for the local vulnerabilities was done on the latest commit: https://github.com/mal-lang/coreLang/commit/4e2908e036acb65a50968f9ecda9791c247e3c46
It looks to me like the Privileges Required (PR) CVSS attribute is not modeled in the automatic vulnerabilities.
For example:
NLNNVulnerability
,NLLNVulnerability
andNLHNVulnerability
behave the exact same way.Is this the intended behavior?