Add CWE names to existing advisories

haskell · Dec 18, 2023 · 32d413c · 32d413c
1 parent 6d7627a
commit 32d413c
Show file tree

Hide file tree

Showing 15 changed files with 19 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,8 @@ id = "HSEC-0000-0000"
 date = 2021-01-31
 
 # Optional: Classification of the advisory with respect to the Common Weakness Enumeration.
-cwe = [820]
+# Get number and names from https://cwe.mitre.org/, or look at the Security.CWE.Data module.
+cwe = ["820: Missing Synchronization"]
 
 # Arbitrary keywords.  We recommend to include keywords relating
 # to the protocols, data formats or services pertaining to the

diff --git a/advisories/hackage/aeson/HSEC-2023-0001.md b/advisories/hackage/aeson/HSEC-2023-0001.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0001"
-cwe = ["Use of Weak Hash", "Uncontrolled Resource Consumption"]
+cwe = ["328: Use of Weak Hash", "400: Uncontrolled Resource Consumption"]
 keywords = ["json", "dos", "historical"]
 aliases = ["CVE-2022-3433"]
 

diff --git a/advisories/hackage/base/HSEC-2023-0007.md b/advisories/hackage/base/HSEC-2023-0007.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0007"
-cwe = [1284, 789]
+cwe = ["1284: Improper Validation of Specified Quantity in Input",
+       "789: Memory Allocation with Excessive Size Value"]
 keywords = ["toml", "parser", "dos"]
 
 [[affected]]

diff --git a/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md b/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0002"
-cwe = [347]
+cwe = ["347: Improper Verification of Cryptographic Signature"]
 keywords = ["crypto", "historical"]
 aliases = ["CVE-2022-31053"]
 related = ["GHSA-75rw-34q6-72cr"]

diff --git a/advisories/hackage/git-annex/HSEC-2023-0009.md b/advisories/hackage/git-annex/HSEC-2023-0009.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0009"
-cwe = [20, 78]
+cwe = ["20: Improper Input Validation",
+       "78: Improper Neutralization of Special Elements used in an OS Command"]
 keywords = ["ssh", "command-injection", "historical"]
 aliases = ["CVE-2017-12976"]
 related = ["CVE-2017-9800", "CVE-2017-12836", "CVE-2017-1000116", "CVE-2017-1000117"]

diff --git a/advisories/hackage/git-annex/HSEC-2023-0010.md b/advisories/hackage/git-annex/HSEC-2023-0010.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0010"
-cwe = [200, 610]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor",
+       "610: Externally Controlled Reference to a Resource in Another Sphere"]
 keywords = ["exfiltration", "historical"]
 aliases = ["CVE-2018-10857"]
 

diff --git a/advisories/hackage/git-annex/HSEC-2023-0011.md b/advisories/hackage/git-annex/HSEC-2023-0011.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0011"
-cwe = [200]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor"]
 keywords = ["exfiltration", "pgp", "historical"]
 aliases = ["CVE-2018-10859"]
 related = ["HSEC-2023-0010", "CVE-2018-10857"]

diff --git a/advisories/hackage/git-annex/HSEC-2023-0012.md b/advisories/hackage/git-annex/HSEC-2023-0012.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0012"
-cwe = [200]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor"]
 keywords = ["historical"]
 
 [[affected]]

diff --git a/advisories/hackage/git-annex/HSEC-2023-0013.md b/advisories/hackage/git-annex/HSEC-2023-0013.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0013"
-cwe = [312]
+cwe = ["312: Cleartext Storage of Sensitive Information"]
 keywords = ["historical"]
 aliases = ["CVE-2014-6274"]
 

diff --git a/advisories/hackage/hledger-web/HSEC-2023-0008.md b/advisories/hackage/hledger-web/HSEC-2023-0008.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0008"
-cwe = [87]
+cwe = ["87: Improper Neutralization of Alternate XSS Syntax"]
 keywords = ["web", "xss", "historical"]
 aliases = ["CVE-2021-46888"]
 

diff --git a/advisories/hackage/pandoc/HSEC-2023-0014.md b/advisories/hackage/pandoc/HSEC-2023-0014.md
@@ -3,7 +3,7 @@
 id = "HSEC-2023-0014"
 keywords = ["file write"]
 aliases = ["CVE-2023-35936", "GHSA-xj5q-fv23-575g"]
-cwe = [20]
+cwe = ["20: Improper Input Validation"]
 
 [[references]]
 type = "REPORT"

diff --git a/advisories/hackage/tls-extra/HSEC-2023-0005.md b/advisories/hackage/tls-extra/HSEC-2023-0005.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0005"
-cwe = [295]
+cwe = ["295: Improper Certificate Validation"]
 keywords = ["x509", "pki", "mitm", "historical"]
 aliases = ["CVE-2013-0243"]
 

diff --git a/advisories/hackage/x509-validation/HSEC-2023-0006.md b/advisories/hackage/x509-validation/HSEC-2023-0006.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0006"
-cwe = [295]
+cwe = ["295: Improper Certificate Validation"]
 keywords = ["x509", "pki", "historical"]
 
 [[affected]]

diff --git a/advisories/hackage/xml-conduit/HSEC-2023-0004.md b/advisories/hackage/xml-conduit/HSEC-2023-0004.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0004"
-cwe = [776]
+cwe = ["776: Improper Restriction of Recursive Entity References in DTDs"]
 keywords = ["xml", "dos", "historical"]
 aliases = ["CVE-2021-4249", "VDB-216204"]
 

diff --git a/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md b/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0003"
-cwe = [94]
+cwe = ["94: Improper Control of Generation of Code"]
 keywords = ["code", "injection", "historical"]
 aliases = ["CVE-2013-1436"]