From 709d10618d2a336cdcaba686d4d3a65715343d51 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Wed, 15 May 2024 11:00:38 -0400 Subject: [PATCH 1/3] docs update --- api-docs/openapi.json | 6630 ++++++++++++++++++++--------------------- 1 file changed, 3315 insertions(+), 3315 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index 7b339c7a..e7cc8041 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,3480 +1,3480 @@ { - "openapi": "3.0.2", - "info": { - "version": "2.3.1", - "title": "CVE Services API", - "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", - "contact": { - "name": "CVE Services Overview", - "url": "https://cveproject.github.io/automation-cve-services#services-overview" + "openapi": "3.0.2", + "info": { + "version": "2.3.1", + "title": "CVE Services API", + "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", + "contact": { + "name": "CVE Services Overview", + "url": "https://cveproject.github.io/automation-cve-services#services-overview" + } + }, + "servers": [ + { + "url": "https://cveawg-dev.mitre.org/api" + } + ], + "paths": { + "/cve-id": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", + "operationId": "cveIdGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveIdGetFilteredState" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/list-cve-ids-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } + }, + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter 
(accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", + "operationId": "cveIdReserve", + "parameters": [ + { + "$ref": "#/components/parameters/amount" + }, + { + "$ref": "#/components/parameters/batch_type" + }, + { + "$ref": "#/components/parameters/cve_year" + }, + { + "$ref": "#/components/parameters/short_name" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A list of the newly reserved CVE IDs", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-response.json" + } + } + } + }, + "206": { + "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } }, - "servers": [ - { - "url": "https://cveawg-dev.mitre.org/api" - } - ], - "paths": { - "/cve-id": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about CVE IDs after applying the query 
parameters as filters (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", - "operationId": "cveIdGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveIdGetFilteredState" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/list-cve-ids-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "/cve-id/{id}": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about the specified CVE ID (accessible to all users)", 
+ "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", + "operationId": "cveIdGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID information to retrieve" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The requested CVE ID information is returned", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/get-cve-id-response.json" } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", - "operationId": "cveIdReserve", - "parameters": [ - { - "$ref": "#/components/parameters/amount" - }, - { - "$ref": "#/components/parameters/batch_type" - }, - { - "$ref": "#/components/parameters/cve_year" - }, - { - "$ref": "#/components/parameters/short_name" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A list of the newly reserved CVE IDs", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-response.json" - } - } - } - }, - "206": { - "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } + } } - }, - "/cve-id/{id}": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about the specified CVE 
ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", - "operationId": "cveIdGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID information to retrieve" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The requested CVE ID information is returned", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/get-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "401": { + "description": "Not Authenticated", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "put": { - "tags": [ - "CVE ID" - ], - "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", - "operationId": "cveIdUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID to update" - }, - { - "$ref": "#/components/parameters/org" - }, - { - "$ref": "#/components/parameters/state" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE ID information is returned", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/update-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/cve-id-range/{year}": { - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", - "operationId": "cveIdRangeCreate", - "parameters": [ - { - "name": "year", - "in": "path", - "required": true, - "schema": { - "type": "integer" - }, - "description": "The year of the CVE-ID-Range" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE-ID-Range was created" - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/cve/{id}": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Returns a CVE Record by CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", - "operationId": "cveGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the Record to be retrieved" - } - ], - "responses": { - "200": { - "description": "The requested CVE Record", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/get-cve-record-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - }, - "examples": { - "Published Record": { - "$ref": "#/components/examples/publishedRecord" - }, - "Rejected Record": { - "$ref": "#/components/examples/rejectedRecord" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." 
- }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. 
Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", - "operationId": "cveSubmit", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being submitted" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "put": { + "tags": [ + "CVE ID" + ], + "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", + "operationId": "cveIdUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID to update" + }, + { + "$ref": "#/components/parameters/org" + }, + { + "$ref": "#/components/parameters/state" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE ID information is returned", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/update-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve-id-range/{year}": { + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", + "operationId": "cveIdRangeCreate", + "parameters": [ + { + "name": "year", + "in": "path", + "required": true, + "schema": { + "type": "integer" + }, + "description": "The year of the CVE-ID-Range" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE-ID-Range was created" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve/{id}": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Returns a CVE Record by CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", + "operationId": "cveGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the Record to be retrieved" + } + ], + "responses": { + "200": { + "description": "The requested CVE Record", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/apiUserHeader" + "$ref": "../schemas/cve/get-cve-record-response.json" }, { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } + "examples": { + "Published Record": { + "$ref": "#/components/examples/publishedRecord" + }, + "Rejected Record": { + "$ref": "#/components/examples/rejectedRecord" + } + } + } + } + }, + "400": { + "description": "Bad 
Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." 
+ }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", + "operationId": "cveSubmit", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being submitted" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", + "operationId": "cveUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", - "operationId": "cveUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } + "description": "The CVE ID for the record being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": 
"../schemas/cve/update-full-cve-record-response.json" } + } } - }, - "/cve": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/list-cve-records-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + 
"403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/cve_cursor": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFilteredCursor", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - }, - { - "$ref": "#/components/parameters/nextPage" - }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } + } + } + }, + "/cve": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/previousPage" + "$ref": "../schemas/cve/list-cve-records-response.json" }, { - "$ref": "#/components/parameters/limit" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/cursor-cve-records-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - 
"$ref": "../schemas/errors/generic.json" - } - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] } + } } - }, - "/cve/{id}/cna": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", - "operationId": "cveCnaCreateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being created" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve_cursor": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFilteredCursor", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + }, + { + "$ref": "#/components/parameters/nextPage" + }, + { + "$ref": "#/components/parameters/previousPage" + }, + { + "$ref": "#/components/parameters/limit" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/apiUserHeader" + "$ref": "../schemas/cve/cursor-cve-records-response.json" }, { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", 
- "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/cve/{id}/cna": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", + "operationId": "cveCnaCreateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveCnaUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } + "description": "The CVE ID for the record being created" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/cve/{id}/reject": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaCreateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-request.json" - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveCnaUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } + } + } + }, + "/cve/{id}/reject": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaCreateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaUpdateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-request.json" - } - } - } + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaUpdateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-response.json" } + } } - }, - "/cve/{id}/adp": { - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveAdpUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/create-adp-record-adp-request.json" - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } + } } - }, - "/org": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves all organizations (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", - "operationId": "orgAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/list-orgs-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "post": { - "tags": [ - "Organization" - ], - "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", - "operationId": "orgCreateSingle", - "parameters": [ - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-request.json" - } - } - } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{identifier}": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", - "operationId": "orgSingle", - "parameters": [ - { - "name": "identifier", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname or UUID of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the organization information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{shortname}": { - "put": { - "tags": [ - "Organization" - ], - "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", - "operationId": "orgUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/id_quota" - }, - { - "$ref": "#/components/parameters/name" - }, - { - "$ref": "#/components/parameters/newShortname" - }, - { - "$ref": "#/components/parameters/active_roles_add" - }, - { - "$ref": "#/components/parameters/active_roles_remove" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization updated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/update-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/org/{shortname}/id_quota": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves an organization's CVE 
ID quota (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", - "operationId": "orgIdQuota", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the CVE ID quota for an organization", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-quota-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-request.json" + } + } + } + } + } + }, + "/cve/{id}/adp": { + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveAdpUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/update-full-cve-record-response.json" } + } } - }, - "/org/{shortname}/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", - "operationId": "userOrgAll", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/list-users-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/bad-request.json" } + } } - }, - "/org/{shortname}/user": { - "post": { - "tags": [ - "Users" - ], - "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", - "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", - "operationId": "userCreateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new user information (with the secret)", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-request.json" - } - } - } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + 
"$ref": "/schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" } + } } + } }, - "/org/{shortname}/user/{username}": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", - "operationId": "userSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the specified user", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/get-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/create-adp-record-adp-request.json" + } + } + } + } + } + }, + "/org": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves all organizations (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", + "operationId": "orgAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/list-orgs-response.json" } - }, - "put": { - "tags": [ - "Users" - ], - "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", - "operationId": "userUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/active" - }, - { - "$ref": "#/components/parameters/activeUserRolesAdd" - }, - { - "$ref": "#/components/parameters/activeUserRolesRemove" - }, - { - "$ref": "#/components/parameters/nameFirst" - }, - { - "$ref": "#/components/parameters/nameLast" - }, - { - "$ref": "#/components/parameters/nameMiddle" - }, - { - "$ref": "#/components/parameters/nameSuffix" - }, - { - "$ref": "#/components/parameters/newUsername" - }, - { - "$ref": "#/components/parameters/orgShortname" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the updated user information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/update-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": 
{ - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "post": { + "tags": [ + "Organization" + ], + "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", + "operationId": "orgCreateSingle", + "parameters": [ + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{shortname}/user/{username}/reset_secret": { - "put": { - "tags": [ - "Users" - ], - "summary": "Reset the API key for a user (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", - "operationId": "userResetSecret", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new API key", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/reset-secret-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about all registered users (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", - "operationId": "userAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users, along with pagination fields if results span multiple pages of data.", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/list-users-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/health-check": { - "get": { - "tags": [ - "Utilities" - ], - "summary": "Checks that the system is running (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", - "operationId": "healthCheck", - "parameters": [], - "responses": { - "200": { - "description": "Returns a 200 response code" - } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-request.json" + } } + } } + } }, - "components": { - "parameters": { - "active": { - "in": "query", - "name": "active", - "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, + "/org/{identifier}": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", + "operationId": "orgSingle", + "parameters": [ + { + "name": "identifier", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname or UUID of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the organization information", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/org/get-org-response.json" } - }, - "active_roles_add": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } - }, - "active_roles_remove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "activeUserRolesAdd": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "activeUserRolesRemove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] + } + } + }, + 
"404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "apiEntityHeader": { - "in": "header", - "name": "CVE-API-ORG", - "description": "The shortname for the organization associated with the user requesting authentication", - "required": true, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}": { + "put": { + "tags": [ + "Organization" + ], + "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", + "operationId": "orgUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "apiUserHeader": { - "in": "header", - "name": "CVE-API-USER", - "description": "The username for the account making the request", - "required": true, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/id_quota" + }, + { + "$ref": "#/components/parameters/name" + }, + { + "$ref": "#/components/parameters/newShortname" + }, + { + "$ref": "#/components/parameters/active_roles_add" + }, + { + "$ref": "#/components/parameters/active_roles_remove" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization updated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/org/update-org-response.json" } - }, - "apiSecretHeader": { - "in": "header", - "name": "CVE-API-KEY", - "description": "The user's API key", - "required": true, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "amount": { - "in": "query", - "name": "amount", - "description": "Quantity of CVE IDs to reserve", - "required": true, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32" + "$ref": "../schemas/errors/generic.json" } - }, - "assigner": { - "in": "query", - "name": "assigner", - "description": "Filter by assigner org UUID", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - 
"assignerShortName": { - "in": "query", - "name": "assigner_short_name", - "description": "Filter by assignerShortName", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "batch_type": { - "in": "query", - "name": "batch_type", - "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", - "required": false, - "schema": { - "type": "string", - "enum": [ - "sequential", - "non-sequential", - "nonsequential" - ] + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/id_quota": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves an organization's CVE ID quota (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", + "operationId": "orgIdQuota", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "countOnly": { - "in": "query", - "name": "count_only", - "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the CVE ID quota for an organization", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/org/get-org-quota-response.json" } - }, - "nextPage": { - "in": "query", - "name": "next_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "previousPage": { - "in": "query", - "name": "previous_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "limit": { - "in": "query", - "name": "limit", - "description": "CVE records to return per page. Must be between 1-500. 
", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "../schemas/errors/generic.json" } - }, - "cnaModified": { - "in": "query", - "name": "cna_modified", - "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/errors/generic.json" } - }, - "adpShortName": { - "in": "query", - "name": "adp_short_name", - "description": "Only get CVE records that have an adpContainer owned by this org.", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", + "operationId": "userOrgAll", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "cveState": { - "in": "query", - "name": "state", - "description": "Filter by state", - "schema": { - "type": "string", - "enum": [ - "PUBLISHED", - "REJECTED" - ] + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" } - }, - "cve_year": { - "in": "query", - "name": "cve_year", - "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", - "required": true, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32" + "$ref": "../schemas/errors/bad-request.json" } - }, - "cveIdGetFilteredState": { - "in": "query", - "name": "state", - "description": "Filter by state ", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "PUBLISHED", - "REJECTED" - ] + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredCveIdYear": { - "in": "query", - "name": "cve_id_year", - "description": "Filter by the year of the CVE IDs", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredTimeReservedLt": { 
- "in": "query", - "name": "time_reserved.lt", - "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredTimeReservedGt": { - "in": "query", - "name": "time_reserved.gt", - "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/user": { + "post": { + "tags": [ + "Users" + ], + "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", + "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", + "operationId": "userCreateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "cveIdGetFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new user information (with the secret)", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/user/create-user-response.json" } - }, - "cveIdGetFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/bad-request.json" } - }, - "cveRecordFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "cveRecordFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "id_quota": { - "in": "query", - "name": "id_quota", - "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32", - "minimum": 0, - "maximum": 100000 + "$ref": "../schemas/errors/generic.json" } - }, - "name": { - "in": "query", - "name": "name", - "description": "The new name for the organization", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-request.json" + } + } + } + } + } + }, + "/org/{shortname}/user/{username}": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", + "operationId": "userSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "nameFirst": { - "in": "query", - "name": "name.first", - "description": "The new first name for the user entry", - "required": false, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the specified user", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/user/get-user-response.json" } - }, - "nameLast": { - "in": "query", - "name": "name.last", - "description": "The new last name for the user entry", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "nameMiddle": { - "in": "query", - "name": "name.middle", - "description": "The new middle name for the user entry", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "nameSuffix": { - "in": "query", - "name": "name.suffix", - "description": "The new suffix for the user entry", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "newShortname": { - "in": "query", - "name": "new_short_name", - "description": "The new shortname for the organization", - "required": false, + } + } 
+ }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "newUsername": { - "in": "query", - "name": "new_username", - "description": "The new username for the user, preferably the user's email address. Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + }, + "put": { + "tags": [ + "Users" + ], + "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", + "operationId": "userUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "org": { - "in": "query", - "name": "org", - "description": "The shortname of the new owning_cna for the CVE ID", - "required": false, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/active" + }, + { + "$ref": "#/components/parameters/activeUserRolesAdd" + }, + { + "$ref": "#/components/parameters/activeUserRolesRemove" + }, + { + "$ref": "#/components/parameters/nameFirst" + }, + { + "$ref": "#/components/parameters/nameLast" + }, + { + "$ref": "#/components/parameters/nameMiddle" + }, + { + "$ref": "#/components/parameters/nameSuffix" + }, + { + "$ref": "#/components/parameters/newUsername" + }, + { + "$ref": "#/components/parameters/orgShortname" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the updated user information", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/user/update-user-response.json" } - }, - "orgShortname": { - "in": "query", - "name": "org_short_name", - "description": "The new organization for the user", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "pageQuery": { - "in": "query", - "name": "page", - "description": "The current page in the paginator", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": 
"integer", - "format": "int32", - "minimum": 1 + "$ref": "../schemas/errors/generic.json" } - }, - "short_name": { - "in": "query", - "name": "short_name", - "description": "The CNA that will own the reserved CVE IDs", - "required": true, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "shortname": { - "in": "query", - "name": "shortname", - "description": "The new shortname for the organization", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/org/{shortname}/user/{username}/reset_secret": { + "put": { + "tags": [ + "Users" + ], + "summary": "Reset the API key for a user (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", + "operationId": "userResetSecret", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "state": { - "in": "query", - "name": "state", - "description": "The new state for the CVE ID", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "REJECTED" - ] + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new API key", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/reset-secret-response.json" } + } } - }, - "examples": { - "publishedRecord": { - "value": { - "containers": { - "cna": { - "affected": [ - { - "vendor": "string", - "product": "string", - "versions": [ - { - "version": "string", - "status": "string" - } - ] - } - ], - "descriptions": [ - { - "lang": "string", - "value": "string" - } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "string", - "lang": "string", - "type": "string" - } - ] - } - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:26:39.293Z" - }, - "references": [ - { - "name": "string", - "tags": [ - "string" - ], - "url": "string" - } - ] - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": 
"../schemas/errors/bad-request.json" } - }, - "rejectedRecord": { - "value": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "rejectedCreateCVERecord": { - "value": { - "message": "string", - "created": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + 
"schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about all registered users (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", + "operationId": "userAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users, along with pagination fields if results span multiple pages of data.", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/health-check": { + "get": { + "tags": [ + "Utilities" + ], + "summary": "Checks that the system is running (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", + "operationId": "healthCheck", + "parameters": [], + "responses": { + "200": { + "description": "Returns a 200 response code" + } + } + } + } + }, + "components": { + "parameters": { + "active": { + "in": "query", + "name": "active", + "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, + "schema": { + "type": "boolean" + } + }, + "active_roles_add": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] + } + }, + "active_roles_remove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] + } + }, + "activeUserRolesAdd": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] + } + }, + "activeUserRolesRemove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] + } + }, + "apiEntityHeader": { + "in": "header", + "name": "CVE-API-ORG", + "description": "The shortname for the organization associated with the user requesting authentication", + "required": true, + "schema": { + "type": "string" + } + }, + "apiUserHeader": { + "in": "header", + "name": "CVE-API-USER", + "description": "The username for the account making the request", + "required": true, + "schema": { + "type": "string" + } + }, + "apiSecretHeader": { + "in": "header", + "name": "CVE-API-KEY", + "description": "The user's API key", + "required": true, + "schema": { + "type": "string" + } + }, + "amount": { + "in": 
"query", + "name": "amount", + "description": "Quantity of CVE IDs to reserve", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + } + }, + "assigner": { + "in": "query", + "name": "assigner", + "description": "Filter by assigner org UUID", + "required": false, + "schema": { + "type": "string" + } + }, + "assignerShortName": { + "in": "query", + "name": "assigner_short_name", + "description": "Filter by assignerShortName", + "required": false, + "schema": { + "type": "string" + } + }, + "batch_type": { + "in": "query", + "name": "batch_type", + "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", + "required": false, + "schema": { + "type": "string", + "enum": [ + "sequential", + "non-sequential", + "nonsequential" + ] + } + }, + "countOnly": { + "in": "query", + "name": "count_only", + "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, + "schema": { + "type": "boolean" + } + }, + "nextPage": { + "in": "query", + "name": "next_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", + "required": false, + "schema": { + "type": "string" + } + }, + "previousPage": { + "in": "query", + "name": "previous_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", + "required": false, + "schema": { + "type": "string" + } + }, + "limit": { + "in": "query", + "name": "limit", + "description": "CVE records to return per page. Must be between 1-500. 
", + "required": false, + "schema": { + "type": "integer" + } + }, + "cnaModified": { + "in": "query", + "name": "cna_modified", + "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", + "required": false, + "schema": { + "type": "boolean" + } + }, + "adpShortName": { + "in": "query", + "name": "adp_short_name", + "description": "Only get CVE records that have an adpContainer owned by this org.", + "required": false, + "schema": { + "type": "string" + } + }, + "cveState": { + "in": "query", + "name": "state", + "description": "Filter by state", + "schema": { + "type": "string", + "enum": [ + "PUBLISHED", + "REJECTED" + ] + } + }, + "cve_year": { + "in": "query", + "name": "cve_year", + "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + } + }, + "cveIdGetFilteredState": { + "in": "query", + "name": "state", + "description": "Filter by state ", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "PUBLISHED", + "REJECTED" + ] + } + }, + "cveIdGetFilteredCveIdYear": { + "in": "query", + "name": "cve_id_year", + "description": "Filter by the year of the CVE IDs", + "required": false, + "schema": { + "type": "string" + } + }, + "cveIdGetFilteredTimeReservedLt": { + "in": "query", + "name": "time_reserved.lt", + "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeReservedGt": { + "in": "query", + "name": "time_reserved.gt", + "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveRecordFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveRecordFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "id_quota": { + "in": "query", + "name": "id_quota", + "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100000 + } + }, + "name": { + "in": "query", + "name": "name", + "description": "The new name for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "nameFirst": { + "in": "query", + "name": "name.first", + "description": "The new first name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameLast": { + "in": "query", + "name": "name.last", + "description": "The new last name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameMiddle": { + "in": "query", + "name": "name.middle", + "description": "The new middle name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameSuffix": { + "in": "query", + "name": "name.suffix", + "description": "The new suffix for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "newShortname": { + "in": "query", + "name": "new_short_name", + "description": "The new shortname for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "newUsername": { + "in": "query", + "name": "new_username", + "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", + "required": false, + "schema": { + "type": "string" + } + }, + "org": { + "in": "query", + "name": "org", + "description": "The shortname of the new owning_cna for the CVE ID", + "required": false, + "schema": { + "type": "string" + } + }, + "orgShortname": { + "in": "query", + "name": "org_short_name", + "description": "The new organization for the user", + "required": false, + "schema": { + "type": "string" + } + }, + "pageQuery": { + "in": "query", + "name": "page", + "description": "The current page in the paginator", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 1 + } + }, + "short_name": { + "in": "query", + "name": "short_name", + "description": "The CNA that will own the reserved CVE IDs", + "required": true, + "schema": { + "type": "string" + } + }, + "shortname": { + "in": "query", + "name": "shortname", + "description": "The new shortname for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "state": { + "in": "query", + "name": "state", + "description": "The new state for the CVE ID", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "REJECTED" + ] + } + } + }, + "examples": { + "publishedRecord": { + "value": { + "containers": { + "cna": { + "affected": [ + { + "vendor": "string", + "product": "string", + "versions": [ + { + "version": "string", + "status": "string" + } + ] + } + ], + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "string", + "lang": "string", + "type": "string" + } + ] + } + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:26:39.293Z" + }, + "references": [ + { + "name": "string", + "tags": [ + "string" + ], + "url": "string" + } + ] + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": 
"string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } + }, + "rejectedRecord": { + "value": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } + }, + "rejectedCreateCVERecord": { + "value": { + "message": "string", + "created": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } } + } } + } } \ No newline at end of file From 62f5c82e38109abfbcd9f4b4be15a0d07434e485 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Thu, 16 May 2024 12:21:59 -0400 Subject: [PATCH 2/3] Updating cve/{id}/reject to update dataVersion --- src/controller/cve.controller/cve.controller.js | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js index be59db65..d8e62db7 100644 --- a/src/controller/cve.controller/cve.controller.js +++ b/src/controller/cve.controller/cve.controller.js @@ -723,9 +723,15 @@ async function rejectExistingCve (req, res, next) { const providerMetadata = createProviderMetadata(providerOrgObj.UUID, req.ctx.org, (new Date()).toISOString()) + // Update dataVersion to current schema version + if (result.cve.dataVersion !== CONSTANTS.SCHEMA_VERSION) { + result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION + } + // update CVE record to rejected const updatedRecord = Cve.updateCveToRejected(id, providerMetadata, result.cve, req.ctx.body) const updatedCve = new Cve({ cve: updatedRecord }) + result = Cve.validateCveRecord(updatedCve.cve) if (!result.isValid) { logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' })) From b20c81c307259800835ffc7262ae9ad938acc12f Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Thu, 16 May 2024 12:22:52 -0400 Subject: [PATCH 3/3] updated version to 2.3.2 --- api-docs/openapi.json | 6636 ++++++++++++++++++++--------------------- package-lock.json | 4 +- src/swagger.js | 2 +- 3 files changed, 3321 insertions(+), 3321 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index e7cc8041..4ce4f48e 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,3480 +1,3480 @@ { - "openapi": "3.0.2", - "info": { - "version": "2.3.1", - "title": "CVE Services API", - "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
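Review bot: The guard `if (result.cve.dataVersion !== CONSTANTS.SCHEMA_VERSION)` in the added block of `rejectExistingCve` is redundant, because the assignment alone gives the same result; `result.cve.dataVersion = CONSTANTS.SCHEMA_VERSION` is enough. The block writes into the fetched `result.cve` before `Cve.updateCveToRejected` builds the new record, so it depends on that helper carrying `dataVersion` across, which the hunk does not show. A comment such as `// set dataVersion before validation so the rejected record is checked against the schema version it declares` would state why the order matters. The stamp does come before `Cve.validateCveRecord`, so the record is validated with the version it now claims, and a test that rejects a record holding an older `dataVersion` would pin that. `rejectExistingCve` starts and ends outside the hunk, so whether `CONSTANTS` is defined in this function cannot be confirmed from here.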
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", - "contact": { - "name": "CVE Services Overview", - "url": "https://cveproject.github.io/automation-cve-services#services-overview" - } - }, - "servers": [ - { - "url": "https://cveawg-dev.mitre.org/api" - } - ], - "paths": { - "/cve-id": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", - "operationId": "cveIdGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveIdGetFilteredState" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/list-cve-ids-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter 
(accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", - "operationId": "cveIdReserve", - "parameters": [ - { - "$ref": "#/components/parameters/amount" - }, - { - "$ref": "#/components/parameters/batch_type" - }, - { - "$ref": "#/components/parameters/cve_year" - }, - { - "$ref": "#/components/parameters/short_name" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A list of the newly reserved CVE IDs", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-response.json" - } - } - } - }, - "206": { - "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "openapi": "3.0.2", + "info": { + "version": "2.3.2", + "title": "CVE Services API", + "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. 
Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", + "contact": { + "name": "CVE Services Overview", + "url": "https://cveproject.github.io/automation-cve-services#services-overview" } - } }, - "/cve-id/{id}": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about the specified CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", - "operationId": "cveIdGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID information to retrieve" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The requested CVE ID information is returned", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/get-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "put": { - "tags": [ - "CVE ID" - ], - "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", - "operationId": "cveIdUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID to update" - }, - { - "$ref": "#/components/parameters/org" - }, - { - "$ref": "#/components/parameters/state" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE ID information is returned", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/update-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve-id-range/{year}": { - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", - "operationId": "cveIdRangeCreate", - "parameters": [ - { - "name": "year", - "in": "path", - "required": true, - "schema": { - "type": "integer" - }, - "description": "The year of the CVE-ID-Range" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE-ID-Range was created" - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve/{id}": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Returns a CVE Record by CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", - "operationId": "cveGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the Record to be retrieved" - } - ], - "responses": { - "200": { - "description": "The requested CVE Record", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "servers": [ + { + "url": "https://cveawg-dev.mitre.org/api" + } + ], + "paths": { + "/cve-id": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", + "operationId": "cveIdGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveIdGetFilteredState" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, { - "$ref": "../schemas/cve/get-cve-record-response.json" + "$ref": "#/components/parameters/apiEntityHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/list-cve-ids-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } } - ] - }, - "examples": { - 
"Published Record": { - "$ref": "#/components/examples/publishedRecord" - }, - "Rejected Record": { - "$ref": "#/components/examples/rejectedRecord" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. 
Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", + "operationId": "cveIdReserve", + "parameters": [ + { + "$ref": "#/components/parameters/amount" + }, + { + "$ref": "#/components/parameters/batch_type" + }, + { + "$ref": "#/components/parameters/cve_year" + }, + { + "$ref": "#/components/parameters/short_name" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A list of the newly reserved CVE IDs", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-response.json" + } + } + } + }, + "206": { + "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current 
time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve-id/{id}": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about the specified CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", + "operationId": "cveIdGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID information to retrieve" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The requested CVE ID information is returned", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/get-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - } - }, - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", - "operationId": "cveSubmit", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being submitted" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE ID" + ], + "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", + "operationId": "cveIdUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID to update" + }, + { + "$ref": "#/components/parameters/org" + }, + { + "$ref": "#/components/parameters/state" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE ID information is returned", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/update-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", - "operationId": "cveUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve-id-range/{year}": { + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", + "operationId": "cveIdRangeCreate", + "parameters": [ + { + "name": "year", + "in": "path", + "required": true, + "schema": { + "type": "integer" + }, + "description": "The year of the CVE-ID-Range" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE-ID-Range was created" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Returns a CVE Record by CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", + "operationId": "cveGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the Record to be retrieved" + } + ], + "responses": { + "200": { + "description": "The requested CVE Record", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/get-cve-record-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + }, + "examples": { + "Published Record": { + "$ref": "#/components/examples/publishedRecord" + }, + "Rejected Record": { + "$ref": "#/components/examples/rejectedRecord" + } + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." 
+ }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - } - }, - "/cve": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + }, + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", + "operationId": "cveSubmit", + "parameters": [ { - "$ref": "../schemas/cve/list-cve-records-response.json" + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being submitted" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve_cursor": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFilteredCursor", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - }, - { - "$ref": "#/components/parameters/nextPage" - }, - { - "$ref": "#/components/parameters/previousPage" - }, - { - "$ref": "#/components/parameters/limit" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "$ref": "#/components/parameters/apiEntityHeader" + }, { - "$ref": "../schemas/cve/cursor-cve-records-response.json" + "$ref": "#/components/parameters/apiUserHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + 
"schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" } - } - } - } - } - } - }, - "/cve/{id}/cna": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", - "operationId": "cveCnaCreateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being created" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", + "operationId": "cveUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveCnaUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/list-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - } - }, - "/cve/{id}/reject": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaCreateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve_cursor": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFilteredCursor", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + }, + { + "$ref": "#/components/parameters/nextPage" + }, + { + "$ref": "#/components/parameters/previousPage" + }, + { + "$ref": "#/components/parameters/limit" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/cursor-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaUpdateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve/{id}/cna": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", + "operationId": "cveCnaCreateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being created" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-request.json" - } - } - } - } - } - }, - "/cve/{id}/adp": { - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveAdpUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveCnaUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/create-adp-record-adp-request.json" - } - } - } - } - } - }, - "/org": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves all organizations (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", - "operationId": "orgAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/list-orgs-response.json" + "/cve/{id}/reject": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaCreateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-request.json" + } + } + } } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaUpdateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-request.json" + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}/adp": { + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveAdpUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/create-adp-record-adp-request.json" + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves all organizations (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", + "operationId": "orgAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/list-orgs-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "post": { + "tags": [ + "Organization" + ], + "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", + "operationId": "orgCreateSingle", + "parameters": [ + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-request.json" + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{identifier}": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", + "operationId": "orgSingle", + "parameters": [ + { + "name": "identifier", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname or UUID of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the organization information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } - } - }, - "post": { - "tags": [ - "Organization" - ], - "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", - "operationId": "orgCreateSingle", - "parameters": [ - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-response.json" + }, + "/org/{shortname}": { + "put": { + "tags": [ + "Organization" + ], + "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", + "operationId": "orgUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/id_quota" + }, + { + "$ref": "#/components/parameters/name" + }, + { + "$ref": "#/components/parameters/newShortname" + }, + { + "$ref": "#/components/parameters/active_roles_add" + }, + { + "$ref": "#/components/parameters/active_roles_remove" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization updated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/update-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "/org/{shortname}/id_quota": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves an organization's CVE ID quota 
(accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", + "operationId": "orgIdQuota", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the CVE ID quota for an organization", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-quota-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", + "operationId": "userOrgAll", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user": { + "post": { + "tags": [ + "Users" + ], + "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", + "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", + "operationId": "userCreateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new user information (with the secret)", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-request.json" + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user/{username}": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", + "operationId": "userSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the specified user", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/get-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "put": { + "tags": [ + "Users" + ], + "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", + "operationId": "userUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/active" + }, + { + "$ref": "#/components/parameters/activeUserRolesAdd" + }, + { + "$ref": "#/components/parameters/activeUserRolesRemove" + }, + { + "$ref": "#/components/parameters/nameFirst" + }, + { + "$ref": "#/components/parameters/nameLast" + }, + { + "$ref": "#/components/parameters/nameMiddle" + }, + { + "$ref": "#/components/parameters/nameSuffix" + }, + { + "$ref": "#/components/parameters/newUsername" + }, + { + "$ref": "#/components/parameters/orgShortname" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the updated user information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/update-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": 
{ + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-request.json" - } - } - } - } - } - }, - "/org/{identifier}": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", - "operationId": "orgSingle", - "parameters": [ - { - "name": "identifier", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname or UUID of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the organization information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/org/{shortname}/user/{username}/reset_secret": { + "put": { + "tags": [ + "Users" + ], + "summary": "Reset the API key for a user (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", + "operationId": "userResetSecret", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new API key", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/reset-secret-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about all registered users (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", + "operationId": "userAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users, along with pagination fields if results span multiple pages of data.", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/health-check": { + "get": { + "tags": [ + "Utilities" + ], + "summary": "Checks that the system is running (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", + "operationId": "healthCheck", + "parameters": [], + "responses": { + "200": { + "description": "Returns a 200 response code" + } } - } } - } } - } }, - "/org/{shortname}": { - "put": { - "tags": [ - "Organization" - ], - "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", - "operationId": "orgUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/id_quota" - }, - { - "$ref": "#/components/parameters/name" - }, - { - "$ref": "#/components/parameters/newShortname" - }, - { - "$ref": "#/components/parameters/active_roles_add" - }, - { - "$ref": "#/components/parameters/active_roles_remove" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization updated", - "content": { - "application/json": { + "components": { + "parameters": { + "active": { + "in": "query", + "name": "active", + "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/org/update-org-response.json" + "type": "boolean" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "active_roles_add": { + 
"in": "query", + "name": "active_roles.add", + "description": "Add an active role to the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - } - } - } - }, - "/org/{shortname}/id_quota": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves an organization's CVE ID quota (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", - "operationId": "orgIdQuota", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the CVE ID quota for an organization", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-quota-response.json" + "active_roles_remove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "activeUserRolesAdd": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "activeUserRolesRemove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "apiEntityHeader": { + "in": "header", + "name": "CVE-API-ORG", + "description": "The shortname for the organization associated with the user requesting authentication", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not 
Found", - "content": { - "application/json": { + }, + "apiUserHeader": { + "in": "header", + "name": "CVE-API-USER", + "description": "The username for the account making the request", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "apiSecretHeader": { + "in": "header", + "name": "CVE-API-KEY", + "description": "The user's API key", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", - "operationId": "userOrgAll", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { + "amount": { + "in": "query", + "name": "amount", + "description": "Quantity of CVE IDs to reserve", + "required": true, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "assigner": { + "in": "query", + "name": "assigner", + "description": "Filter by assigner org UUID", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "assignerShortName": { + "in": "query", + "name": "assigner_short_name", + "description": "Filter by assignerShortName", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "batch_type": { + "in": "query", + "name": "batch_type", + "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", + "required": false, + "schema": { + "type": "string", + "enum": [ + "sequential", + "non-sequential", + "nonsequential" + ] } - } - } - }, 
- "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "countOnly": { + "in": "query", + "name": "count_only", + "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nextPage": { + "in": "query", + "name": "next_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user": { - "post": { - "tags": [ - "Users" - ], - "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", - "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", - "operationId": "userCreateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new user information (with the secret)", - "content": { - "application/json": { + "previousPage": { + "in": "query", + "name": "previous_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/user/create-user-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "limit": { + "in": "query", + "name": "limit", + "description": "CVE records to return per page. Must be between 1-500. ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "integer" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cnaModified": { + "in": "query", + "name": "cna_modified", + "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. 
Requires at least one time_modified parameter set", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "adpShortName": { + "in": "query", + "name": "adp_short_name", + "description": "Only get CVE records that have an adpContainer owned by this org.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "cveState": { + "in": "query", + "name": "state", + "description": "Filter by state", + "schema": { + "type": "string", + "enum": [ + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cve_year": { + "in": "query", + "name": "cve_year", + "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32" } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-request.json" - } - } - } - } - } - }, - "/org/{shortname}/user/{username}": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", - "operationId": "userSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the specified user", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/get-user-response.json" + "cveIdGetFilteredState": { + "in": "query", + "name": "state", + "description": "Filter by state ", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveIdGetFilteredCveIdYear": { + "in": "query", + "name": "cve_id_year", + "description": "Filter by the year of the CVE IDs", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedLt": { + "in": "query", + "name": "time_reserved.lt", + "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedGt": { + "in": "query", + "name": "time_reserved.gt", + "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - } - } - }, - "put": { - "tags": [ - "Users" - ], - "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", - "operationId": "userUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/active" - }, - { - "$ref": "#/components/parameters/activeUserRolesAdd" - }, - { - "$ref": "#/components/parameters/activeUserRolesRemove" - }, - { - "$ref": "#/components/parameters/nameFirst" - }, - { - "$ref": "#/components/parameters/nameLast" - }, - { - "$ref": "#/components/parameters/nameMiddle" - }, - { - "$ref": "#/components/parameters/nameSuffix" - }, - { - "$ref": "#/components/parameters/newUsername" - }, - { - "$ref": "#/components/parameters/orgShortname" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the updated user information", - "content": { - "application/json": { + "cveRecordFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/user/update-user-response.json" + "type": "string", + "format": "date-time" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveRecordFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string", + "format": "date-time" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "id_quota": { + "in": "query", + "name": "id_quota", + "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100000 } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "name": { + "in": "query", + "name": "name", + "description": "The new name for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "nameFirst": { + "in": "query", + "name": "name.first", + "description": "The new first name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nameLast": { + "in": "query", + "name": "name.last", + "description": "The new last name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user/{username}/reset_secret": { - "put": { - "tags": [ - "Users" - ], - "summary": "Reset the API key for a user (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", - "operationId": "userResetSecret", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new API key", - "content": { - "application/json": { + "nameMiddle": { + "in": "query", + "name": "name.middle", + "description": "The new middle name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/user/reset-secret-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "nameSuffix": { + "in": "query", + "name": "name.suffix", + "description": "The new suffix for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "newShortname": { + "in": "query", + "name": "new_short_name", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "newUsername": { + "in": "query", + "name": "new_username", + "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "org": { + "in": "query", + "name": "org", + "description": "The shortname of the new owning_cna for the CVE ID", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "orgShortname": { + "in": "query", + "name": "org_short_name", + "description": "The new organization for the user", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about all registered users (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", - "operationId": "userAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users, along with pagination fields if results span multiple pages of data.", - "content": { - "application/json": { + }, + "pageQuery": { + "in": "query", + "name": "page", + "description": "The current page in the paginator", + "required": false, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32", + "minimum": 1 } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "short_name": { + "in": "query", + "name": "short_name", + "description": "The CNA that will own the reserved CVE IDs", + "required": true, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "shortname": { + "in": "query", + "name": "shortname", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "state": { + "in": "query", + "name": "state", + "description": "The new state for the CVE ID", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "REJECTED" + ] } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "examples": { + "publishedRecord": { + "value": { + "containers": { + "cna": { + "affected": [ + { + "vendor": "string", + 
"product": "string", + "versions": [ + { + "version": "string", + "status": "string" + } + ] + } + ], + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "string", + "lang": "string", + "type": "string" + } + ] + } + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:26:39.293Z" + }, + "references": [ + { + "name": "string", + "tags": [ + "string" + ], + "url": "string" + } + ] + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "rejectedRecord": { + "value": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - } - } - } - }, - "/health-check": { - "get": { - "tags": [ - "Utilities" - ], - "summary": "Checks that the system is running (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", - "operationId": "healthCheck", - "parameters": [], - "responses": { - "200": { - "description": "Returns a 200 response code" - } - } - } - } - }, - "components": { - "parameters": { - "active": { - "in": "query", - "name": "active", - "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "active_roles_add": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "active_roles_remove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "activeUserRolesAdd": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "activeUserRolesRemove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "apiEntityHeader": { - "in": "header", - "name": "CVE-API-ORG", - "description": "The shortname for the organization associated with the user requesting authentication", - "required": true, - "schema": { - "type": "string" - } - }, - "apiUserHeader": { - "in": "header", - "name": "CVE-API-USER", - "description": "The username for the account making the request", - "required": true, - "schema": { - "type": "string" - } - }, - "apiSecretHeader": { - "in": "header", - "name": "CVE-API-KEY", - "description": "The user's API key", - "required": true, - "schema": { - "type": "string" - } - }, - "amount": { - "in": 
"query", - "name": "amount", - "description": "Quantity of CVE IDs to reserve", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "assigner": { - "in": "query", - "name": "assigner", - "description": "Filter by assigner org UUID", - "required": false, - "schema": { - "type": "string" - } - }, - "assignerShortName": { - "in": "query", - "name": "assigner_short_name", - "description": "Filter by assignerShortName", - "required": false, - "schema": { - "type": "string" - } - }, - "batch_type": { - "in": "query", - "name": "batch_type", - "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", - "required": false, - "schema": { - "type": "string", - "enum": [ - "sequential", - "non-sequential", - "nonsequential" - ] - } - }, - "countOnly": { - "in": "query", - "name": "count_only", - "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "nextPage": { - "in": "query", - "name": "next_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "previousPage": { - "in": "query", - "name": "previous_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "limit": { - "in": "query", - "name": "limit", - "description": "CVE records to return per page. Must be between 1-500. 
", - "required": false, - "schema": { - "type": "integer" - } - }, - "cnaModified": { - "in": "query", - "name": "cna_modified", - "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", - "required": false, - "schema": { - "type": "boolean" - } - }, - "adpShortName": { - "in": "query", - "name": "adp_short_name", - "description": "Only get CVE records that have an adpContainer owned by this org.", - "required": false, - "schema": { - "type": "string" - } - }, - "cveState": { - "in": "query", - "name": "state", - "description": "Filter by state", - "schema": { - "type": "string", - "enum": [ - "PUBLISHED", - "REJECTED" - ] - } - }, - "cve_year": { - "in": "query", - "name": "cve_year", - "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "cveIdGetFilteredState": { - "in": "query", - "name": "state", - "description": "Filter by state ", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "PUBLISHED", - "REJECTED" - ] - } - }, - "cveIdGetFilteredCveIdYear": { - "in": "query", - "name": "cve_id_year", - "description": "Filter by the year of the CVE IDs", - "required": false, - "schema": { - "type": "string" - } - }, - "cveIdGetFilteredTimeReservedLt": { - "in": "query", - "name": "time_reserved.lt", - "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeReservedGt": { - "in": "query", - "name": "time_reserved.gt", - "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "id_quota": { - "in": "query", - "name": "id_quota", - "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 0, - "maximum": 100000 - } - }, - "name": { - "in": "query", - "name": "name", - "description": "The new name for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "nameFirst": { - "in": "query", - "name": "name.first", - "description": "The new first name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameLast": { - "in": "query", - "name": "name.last", - "description": "The new last name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameMiddle": { - "in": "query", - "name": "name.middle", - "description": "The new middle name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameSuffix": { - "in": "query", - "name": "name.suffix", - "description": "The new suffix for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "newShortname": { - "in": "query", - "name": "new_short_name", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "newUsername": { - "in": "query", - "name": "new_username", - "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", - "required": false, - "schema": { - "type": "string" - } - }, - "org": { - "in": "query", - "name": "org", - "description": "The shortname of the new owning_cna for the CVE ID", - "required": false, - "schema": { - "type": "string" - } - }, - "orgShortname": { - "in": "query", - "name": "org_short_name", - "description": "The new organization for the user", - "required": false, - "schema": { - "type": "string" - } - }, - "pageQuery": { - "in": "query", - "name": "page", - "description": "The current page in the paginator", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 1 - } - }, - "short_name": { - "in": "query", - "name": "short_name", - "description": "The CNA that will own the reserved CVE IDs", - "required": true, - "schema": { - "type": "string" - } - }, - "shortname": { - "in": "query", - "name": "shortname", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "state": { - "in": "query", - "name": "state", - "description": "The new state for the CVE ID", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "REJECTED" - ] - } - } - }, - "examples": { - "publishedRecord": { - "value": { - "containers": { - "cna": { - "affected": [ - { - "vendor": "string", - "product": "string", - "versions": [ - { - "version": "string", - "status": "string" - } - ] - } - ], - "descriptions": [ - { - "lang": "string", - "value": "string" - } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "string", - "lang": "string", - "type": "string" - } - ] - } - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:26:39.293Z" - }, - "references": [ - { - "name": "string", - "tags": [ - "string" - ], - "url": "string" - } - ] - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": 
"string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedRecord": { - "value": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" + }, + "rejectedCreateCVERecord": { + "value": { + "message": "string", + "created": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedCreateCVERecord": { - "value": { - "message": "string", - "created": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": 
"2022-05-13T14:27:39.617Z" } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } + } } - } } - } } \ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 3a556810..527d4635 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "cve-services",
- "version": "2.3.1",
+ "version": "2.3.2",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "cve-services",
- "version": "2.3.1",
+ "version": "2.3.2",
 "license": "(CC0)",
 "dependencies": {
 "ajv": "^8.6.2",
diff --git a/src/swagger.js b/src/swagger.js
index e412e0c9..31ac3841 100644
--- a/src/swagger.js
+++ b/src/swagger.js
@@ -14,7 +14,7 @@ const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-exam
 /* eslint-disable no-multi-str */
 const doc = {
 info: {
- version: '2.3.1',
+ version: '2.3.2',
 title: 'CVE Services API',
 description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
 required for most service endpoints. Representatives of \