- Issue created by @greggles
- 🇺🇸 United States yesct
1. https://www.drupal.org/sa-contrib-2025-001 - CWE-1390: Weak Authentication and CAPEC-114: Authentication Abuse.
Why not CAPEC-112: Brute Force? Just curious.
2. N/A
3. :check: seems straightforward.
4. https://www.drupal.org/sa-contrib-2025-004 - CWE-862: Missing Authorization and CAPEC-87: Forceful Browsing. ChildOf Meta Attack Pattern 115 Authentication Bypass :check: seems fine to me.
[Didn't check the others. I might, but don't wait on me.]
- 🇺🇸 United States greggles Denver, Colorado, USA
making progress on categorizing more of them
- 🇺🇸 United States greggles Denver, Colorado, USA
Re #5: I agree that CAPEC makes sense. Thanks!
- 🇺🇸 United States greggles Denver, Colorado, USA
OK. Now filed and I've updated the advisories to include the CVE. I acknowledge I may have made misclassifications or mistakes in this process and welcome comments or new issues alerting me to where those might be so I can address them.
Here's the pairing of CVE and advisory id:
CVE-2025-3057 https://www.drupal.org/SA-CORE-2025-001
CVE-2025-31673 https://www.drupal.org/SA-CORE-2025-002
CVE-2025-31674 https://www.drupal.org/SA-CORE-2025-003
CVE-2025-31675 https://www.drupal.org/SA-CORE-2025-004
CVE-2025-31676 https://www.drupal.org/SA-CONTRIB-2025-001
CVE-2025-31677 https://www.drupal.org/SA-CONTRIB-2025-003
CVE-2025-31678 https://www.drupal.org/SA-CONTRIB-2025-004
CVE-2025-31679 https://www.drupal.org/SA-CONTRIB-2025-007
CVE-2025-31680 https://www.drupal.org/SA-CONTRIB-2025-008
CVE-2025-31681 https://www.drupal.org/SA-CONTRIB-2025-009
CVE-2025-31682 https://www.drupal.org/SA-CONTRIB-2025-011
CVE-2025-31683 https://www.drupal.org/SA-CONTRIB-2025-012
CVE-2025-31684 https://www.drupal.org/SA-CONTRIB-2025-013
CVE-2025-31685 https://www.drupal.org/SA-CONTRIB-2025-014
CVE-2025-31686 https://www.drupal.org/SA-CONTRIB-2025-015
CVE-2025-31687 https://www.drupal.org/SA-CONTRIB-2025-016
CVE-2025-31688 https://www.drupal.org/SA-CONTRIB-2025-017
CVE-2025-31689 https://www.drupal.org/SA-CONTRIB-2025-018
CVE-2025-31690 https://www.drupal.org/SA-CONTRIB-2025-019
CVE-2025-31691 https://www.drupal.org/SA-CONTRIB-2025-020
CVE-2025-31692 https://www.drupal.org/SA-CONTRIB-2025-021
CVE-2025-31693 https://www.drupal.org/SA-CONTRIB-2025-022
CVE-2025-31694 https://www.drupal.org/SA-CONTRIB-2025-023
CVE-2025-31695 https://www.drupal.org/SA-CONTRIB-2025-024
CVE-2025-31696 https://www.drupal.org/SA-CONTRIB-2025-025
CVE-2025-31697 https://www.drupal.org/SA-CONTRIB-2025-026
CVE-2025-3059 https://www.drupal.org/SA-CONTRIB-2025-002
CVE-2025-3060 https://www.drupal.org/SA-CONTRIB-2025-005
CVE-2025-3061 https://www.drupal.org/SA-CONTRIB-2025-006
CVE-2025-3062 https://www.drupal.org/SA-CONTRIB-2025-010
- 🇺🇸 United States cmlara
SA-CONTRIB-2025-023:
Curious how documented in the Security Advisory by the reporter and fixer as CAPEC-115 became CAPEC-85?
- 🇺🇸 United States greggles Denver, Colorado, USA
Thanks for double checking those values. Digging into that issue again I see you had suggested
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC-115: Authentication Bypass
I've now fixed the CVE to point to those.