How to get a CVE | Methodology
Рет қаралды 2,883
Күн бұрынEver wanted to know how you as a hacker can get a CVE assigned for a vulnerability you found during a bug bounty or penetration test? I walk you through the whole process so you can understand how and where you submit for CVE, the communication to expect and what you need to do once the CVE has been assigned.
Go here to start submitted your first CVE!
cveform.mitre.org
Leave a comment with your CVE when you get it assigned!
@minhld8736 Жыл бұрын
Your sharing is really helpful, thank you so much!
@MrFreakyclown Жыл бұрын
Glad it was helpful!
@MrACG66 Жыл бұрын
Thanks!
@MrFreakyclown Жыл бұрын
Welcome!
@elfinofficial4071 18 күн бұрын
I've emailed the devs, and they just don't answer, though they're active in their github issue site. They have separate email for security report. In this process do we need the dev to 1. acknowledge the vuln and 2. fix it.?
@Hexthekid Жыл бұрын
Thank you so much for this video! Just a question, what is the courtesy around submitting a cve request? ie is it better to submit before the vendor fix the vuln or after the vendor fix it? also how long does it usually take to get assigned to a CVE number? Thank you so much!
@MrFreakyclown Жыл бұрын
The vendor should be told before you submit. CVE can take weeks but in general I find they assigned within 24 hours.
@radharamandwivedi7609 5 ай бұрын
hey if I find a vulnerability in login pages of a public facing web app, can I get a cve for that?
@alfatech8604 3 ай бұрын
depends if they use a known cms or web framework where the vulnerability still persist on your offline or local test for example wordpress then you can get a cve but if not search for a bug bounty platform where they have assigned up for then report it there
InsiderPhD
Рет қаралды 19 М.
MrFreakyclown
Рет қаралды 526
Jason Derulo
Рет қаралды 30 МЛН
thehackerish
Рет қаралды 241 М.