Как происходит присваивание CVE

[Pulsera]

Всем привет. У меня такой вопрос, как происходит присваивание CVE к уязвимости?

Допустим человек нашел уязвимость, сообщил о ней разработчикам, они ее исправляют и дальше что? мне интересно как они присваивают CVE номер и как это становится известно, что информация о уязвимости появляется на различных сайтах, например как cve.mitre, nist, cve details и т.д

 

[Pulsera]

123, вывод на самое видное место)

Твой вопрос гуглится за 30 секунд
There are multiple ways to obtain a CVE.

One could contact one of the CVE Numbering Authorities (CNA), an emergency response team (think CERT) or the CVE project. If the vendor of a product is listed as a CNA you must contact the vendor to obtain a CVE.

Sufficient information must be provided to allow the CVE assigner to take a decision (provide the CVE, merge with other CVEs etc).

For more information see CVE - Request CVE IDs and CVE - CVE Numbering Authorities

Some vendors such as Drupal will request CVE identifiers in bulk via openwall for published security announcements that do not already have a CVE requested by the researcher.

Вот как, спасибо)

 

[mrOkey]

Твой вопрос гуглится за 30 секунд

There are multiple ways to obtain a CVE.

One could contact one of the CVE Numbering Authorities (CNA), an emergency response team (think CERT) or the CVE project. If the vendor of a product is listed as a CNA you must contact the vendor to obtain a CVE.

Sufficient information must be provided to allow the CVE assigner to take a decision (provide the CVE, merge with other CVEs etc).

For more information see CVE - Request CVE IDs and CVE - CVE Numbering Authorities

Some vendors such as Drupal will request CVE identifiers in bulk via openwall for published security announcements that do not already have a CVE requested by the researcher.