Struct cvss::v3::base::Base

source · [−]

pub struct Base {
    pub minor_version: usize,
    pub av: Option<AttackVector>,
    pub ac: Option<AttackComplexity>,
    pub pr: Option<PrivilegesRequired>,
    pub ui: Option<UserInteraction>,
    pub s: Option<Scope>,
    pub c: Option<Confidentiality>,
    pub i: Option<Integrity>,
    pub a: Option<Availability>,
}

Expand description

CVSS v3.1 Base Metric Group

Described in CVSS v3.1 Specification: Section 2: https://www.first.org/cvss/specification-document#t6

The Base metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. It is composed of two sets of metrics: the Exploitability metrics and the Impact metrics.

The Exploitability metrics reflect the ease and technical means by which the vulnerability can be exploited. That is, they represent characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. The Impact metrics reflect the direct consequence of a successful exploit, and represent the consequence to the thing that suffers the impact, which we refer to formally as the impacted component.

While the vulnerable component is typically a software application, module, driver, etc. (or possibly a hardware device), the impacted component could be a software application, a hardware device or a network resource. This potential for measuring the impact of a vulnerability other than the vulnerable component, was a key feature introduced with CVSS v3.0. This property is captured by the Scope metric.

Fields

minor_version: usize

Minor component of the version

av: Option<AttackVector>

Attack Vector (AV)

ac: Option<AttackComplexity>

Attack Complexity (AC)

pr: Option<PrivilegesRequired>

Privileges Required (PR)

ui: Option<UserInteraction>

User Interaction (UI)

s: Option<Scope>

Scope (S)

c: Option<Confidentiality>

Confidentiality Impact (C)

i: Option<Integrity>

Integrity Impact (I)

a: Option<Availability>

Availability Impact (A)

Implementations

source

impl Base

source

pub fn score(&self) -> Score

Available on crate feature std only.

Calculate Base CVSS score: overall value for determining the severity of a vulnerability, generally referred to as the “CVSS score”.

Described in CVSS v3.1 Specification: Section 2: https://www.first.org/cvss/specification-document#t6

When the Base metrics are assigned values by an analyst, the Base equation computes a score ranging from 0.0 to 10.0.

Specifically, the Base equation is derived from two sub equations: the Exploitability sub-score equation, and the Impact sub-score equation. The Exploitability sub-score equation is derived from the Base Exploitability metrics, while the Impact sub-score equation is derived from the Base Impact metrics.

source

pub fn exploitability(&self) -> Score

Calculate Base Exploitability score: sub-score for measuring ease of exploitation.

Described in CVSS v3.1 Specification: Section 2: https://www.first.org/cvss/specification-document#t6

The Exploitability metrics reflect the ease and technical means by which the vulnerability can be exploited. That is, they represent characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component.

source

pub fn impact(&self) -> Score

Available on crate feature std only.

Calculate Base Impact Score (ISS): sub-score for measuring the consequences of successful exploitation.

Described in CVSS v3.1 Specification: Section 2: https://www.first.org/cvss/specification-document#t6

The Impact metrics reflect the direct consequence of a successful exploit, and represent the consequence to the thing that suffers the impact, which we refer to formally as the impacted component.

source