NAME

CVSS::v3 - Parse and calculate CVSS v3.x scores

SYNOPSIS

use CVSS::v3;
my $cvss = CVSS::v3->from_vector_string('CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H');

say $cvss->AV; # A
say $cvss->attackVector; # ADJACENT_NETWORK

DESCRIPTION

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base group represents the intrinsic qualities of a vulnerability that are constant over time and across user environments, the Temporal group reflects the characteristics of a vulnerability that change over time, and the Environmental group represents the characteristics of a vulnerability that are unique to a user's environment. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score.

https://www.first.org/cvss/v3.1/specification-document https://www.first.org/cvss/v3.0/specification-document

METHODS

CVSS::v3 inherits all methods from CVSS::Base and implements the following new ones.

BASE METRICS

$cvss->AV | $cvss->attackVector
$cvss->AC | $cvss->attackComplexity
$cvss->PR | $cvss->privilegesRequired
$cvss->UI | $cvss->userInteraction
$cvss->S | $cvss->scope
$cvss->C | $cvss->confidentialityImpact
$cvss->I | $cvss->integrityImpact
$cvss->A | $cvss->availabilityImpact

TEMPORAL METRICS

$cvss->E | $cvss->exploitCodeMaturity
$cvss->RL | $cvss->remediationLevel
$cvss->RC | $cvss->reportConfidence

ENVIROMENTAL METRICS

$cvss->CR | $cvss->confidentialityRequirement
$cvss->IR | $cvss->integrityRequirement
$cvss->AR | $cvss->availabilityRequirement
$cvss->MAV | $cvss->modifiedAttackVector
$cvss->MAC | $cvss->modifiedAttackComplexity
$cvss->MPR | $cvss->modifiedPrivilegesRequired
$cvss->MUI | $cvss->modifiedUserInteraction
$cvss->MS | $cvss->modifiedScope
$cvss->MC | $cvss->modifiedConfidentialityImpact
$cvss->MI | $cvss->modifiedIntegrityImpact
$cvss->MA | $cvss->modifiedAvailabilityImpact

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CVSS/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-CVSS

git clone https://github.com/giterlizzi/perl-CVSS.git

AUTHOR

Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install CVSS, copy and paste the appropriate command in to your terminal.

cpanm

cpanm CVSS

CPAN shell

perl -MCPAN -e shell
install CVSS

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)