Update CVSSv3 to CVSSv4 in security documentation (#41814)

Allen Houchins 2026-03-17 16:28:50 -05:00 committed by GitHub
parent 38d89d6637
commit d2893a8fe3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1944,13 +1944,13 @@ We ask for vulnerabilities reported by researchers and prefer to perform coordin
For other vulnerabilities affecting Fleet or code used in Fleet, the Head of Security, CTO and CEO can accept the risk of patching them according to custom timelines, depending on the risk and possible temporary mitigations.
### Mapping of CVSSv3 scores to Fleet severity
### Mapping of CVSSv4 scores to Fleet severity
Fleet adapts the severity assigned to vulnerabilities when needed.
The features we use in a library, for example, can mean that some vulnerabilities in the library are unexploitable. In other cases, it might make the vulnerability easier to exploit. In those cases, Fleet would first categorize the vulnerability using publicly available information, then lower or increase the severity based on additional context.
When using externally provided CVSSv3 scores, Fleet maps them like this:
When using externally provided CVSSv4 scores, Fleet maps them like this:
| CVSSv3 score | Fleet severity |
| ---------------------------------- | ----------------------------------- |
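Review bot: the table header on the last visible line of this hunk still reads "CVSSv3 score" while the heading and the introductory sentence above it were changed to CVSSv4; unless the corresponding "+" line is simply cut off in this view, update it to "| CVSSv4 score | Fleet severity |" so the table agrees with the text that introduces it. Because the mapping rows themselves are not shown here, also confirm the score bands were checked against the CVSSv4 qualitative severity scale (None 0.0, Low 0.1 to 3.9, Medium 4.0 to 6.9, High 7.0 to 8.9, Critical 9.0 to 10.0); it uses the same numeric bands as v3.x, so leaving the rows unchanged can be correct, but it should be a deliberate decision rather than an assumption. Finally, consider adding a sentence after "When using externally provided CVSSv4 scores, Fleet maps them like this:" stating which score is used when an advisory publishes only a CVSSv3 score, since the new wording reads as if a v4 score is always available.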