Updates

TimmyBugcrowd · abhinav-nain · commit cec42f31f7c0 · 2025-08-18T09:04:07.000+05:30
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -3,6 +3,72 @@
     "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
   },
   "content": [
+         {
+        "id": "cloud_security",
+        "children": [
+          {
+            "id": "identity_and_access_management_iam_misconfigurations",
+            "children": [
+              {
+                "id": "overly_permissive_iam_roles",
+                "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+              },
+              {
+                "id": "publicly_accessible_iam_credentials",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+              }
+            ]
+          },
+          {
+            "id": "storage_misconfigurations",
+            "children": [
+              {
+                "id": "publicly_accessible_cloud_storage",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+              },
+              {
+                "id": "unencrypted_sensitive_data_at_rest",
+                "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+              }
+            ]
+          },
+          {
+            "id": "network_configuration_issues",
+            "children": [
+              {
+                "id": "open_management_ports_to_the_internet",
+                "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+              },
+              {
+                "id": "lack_of_network_segmentation",
+                "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"
+              }
+            ]
+          },
+          {
+            "id": "misconfigured_services_and_apis",
+            "children": [
+              {
+                "id": "exposed_debug_or_admin_interfaces",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+              },
+              {
+                "id": "insecure_api_endpoints",
+                "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              }
+            ]
+          },
+          {
+            "id": "logging_and_monitoring_issues",
+            "children": [
+              {
+                "id": "disabled_or_insufficient_logging",
+                "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+              }
+            ]
+          }
+        ]
+      },        
     {
       "id": "ai_application_security",
       "children": [
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
@@ -14,6 +14,14 @@
         "https://owasp.org/www-project-top-10-for-large-language-model-applications/"
       ]
     },
+    {
+      "id": "cloud_security",
+      "remediation_advice": "Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.",
+      "references": [
+       "https://owasp.org/www-project-cloud-native-application-security-top-10/",
+       "https://cloudsecurityalliance.org/artifacts/security-guidance-v4/"
+     ]
+    },    
     {
       "id": "algorithmic_biases",
       "children": [
