From 538bf4a08501c537a042ac6dba92603bdbf45839 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Fri, 26 Jan 2024 12:41:09 -0500 Subject: [PATCH 1/5] #1176 added logic to redact requested_by.user value for uesrs not in requested_by.cna --- src/controller/cve-id.controller/cve-id.controller.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controller/cve-id.controller/cve-id.controller.js b/src/controller/cve-id.controller/cve-id.controller.js index 4d13a95e..32d37aa5 100644 --- a/src/controller/cve-id.controller/cve-id.controller.js +++ b/src/controller/cve-id.controller/cve-id.controller.js @@ -122,7 +122,7 @@ async function getFilteredCveId (req, res, next) { cve_ids: pg.itemsList.map((i) => { const cnaid = i.requested_by.cna i.requested_by.cna = orgMap[cnaid].shortname - i.requested_by.user = orgMap[cnaid].users[i.requested_by.user] + i.requested_by.user = orgMap[cnaid].users[i.requested_by.user] ? orgMap[cnaid].users[i.requested_by.user] : 'REDACTED' i.owning_cna = orgMap[i.owning_cna].shortname return i }) From 299a1088d669ac46fe43b95fc2c942ed67689b17 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Mon, 29 Jan 2024 10:51:18 -0500 Subject: [PATCH 2/5] #1176 added integration test for checking for redacted users in cve-ids --- test/integration-tests/cve-id/getCveIdTest.js | 22 +++++++++++++++++++ test/integration-tests/helpers.js | 13 ++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/test/integration-tests/cve-id/getCveIdTest.js b/test/integration-tests/cve-id/getCveIdTest.js index a8685463..fb9d3799 100644 --- a/test/integration-tests/cve-id/getCveIdTest.js +++ b/test/integration-tests/cve-id/getCveIdTest.js @@ -7,6 +7,7 @@ const _ = require('lodash') const expect = chai.expect const constants = require('../constants.js') +const helpers = require('../helpers.js') const app = require('../../../src/index.js') describe('Testing Get CVE-ID endpoint', () => { 
@@ -109,6 +110,27 @@ describe('Testing Get CVE-ID endpoint', () => { expect(res).to.have.status(200) }) }) + it('Should redact requested_by.user values not in requested_by.cna org', async () => { + const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential') + + // change users org for testing + await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'mitre') + + await chai.request(app) + .get('/api/cve-id?state=RESERVED') + .set(constants.headers) + .then(async (res, err) => { + const cveIdObject = _.find(res.body.cve_ids, obj => { + return obj.cve_id === cveId + }) + expect(err).to.be.undefined + expect(res).to.have.status(200) + expect(cveIdObject.requested_by.user).to.equal('REDACTED') + + // Reset user to original org + await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], 'mitre', 'win_5') + }) + }) }) context('negative tests', () => { it('Feb 29 2100 should not be valid', async () => { diff --git a/test/integration-tests/helpers.js b/test/integration-tests/helpers.js index af977623..f0833878 100644 --- a/test/integration-tests/helpers.js +++ b/test/integration-tests/helpers.js @@ -96,6 +96,16 @@ async function cveUpdateAsCnaHelperWithAdpContainer (cveId, adpContainer) { }) } +async function userOrgUpdateAsSecHelper (userName, orgShortName, newOrgShortName) { + await chai.request(app) + .put(`/api/org/${orgShortName}/user/${userName}?org_short_name=${newOrgShortName}`) + .set(constants.headers) + .then((res, err) => { + // Safety Expect + expect(res).to.have.status(200) + }) +} + module.exports = { cveIdReserveHelper, cveIdBulkReserveHelper, @@ -104,5 +114,6 @@ module.exports = { cveRequestAsSecHelper, cveUpdatetAsCnaHelperWithCnaContainer, cveUpdateAsSecHelper, - cveUpdateAsCnaHelperWithAdpContainer + cveUpdateAsCnaHelperWithAdpContainer, + userOrgUpdateAsSecHelper } 
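Review bot: `userOrgUpdateAsSecHelper` in test/integration-tests/helpers.js interpolates `userName` (an e-mail address in the callers shown) and both org short names into the request path and query string without encoding; wrapping each interpolated value in `encodeURIComponent(...)` keeps a value containing `/`, `?` or `&` from changing which route or parameter is hit. The helper also has no comment saying whose credentials it acts with; a line such as `// Moves userName from orgShortName to newOrgShortName using constants.headers` would help. `updateOwningOrgAsSecHelper`, added in PATCH 3/5, has the same shape.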
From 09eeb6f066873cc3802ec2185fc7837d63dc6be3 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Thu, 1 Feb 2024 11:14:24 -0500 Subject: [PATCH 3/5] #1176 added logic for cve-ids changing orgs, for secretariat users, and added tests --- .../cve-id.controller/cve-id.controller.js | 29 ++++++++- test/integration-tests/constants.js | 14 +++++ test/integration-tests/cve-id/getCveIdTest.js | 61 ++++++++++++++++++- test/integration-tests/helpers.js | 13 +++- 4 files changed, 113 insertions(+), 4 deletions(-) diff --git a/src/controller/cve-id.controller/cve-id.controller.js b/src/controller/cve-id.controller/cve-id.controller.js index 32d37aa5..4dd2c0eb 100644 --- a/src/controller/cve-id.controller/cve-id.controller.js +++ b/src/controller/cve-id.controller/cve-id.controller.js @@ -42,11 +42,14 @@ async function getFilteredCveId (req, res, next) { const users = await userRepo.getAllUsers() const orgMap = {} + const userMap = {} + orgs.forEach(org => { orgMap[org.UUID] = { shortname: org.short_name, users: {} } }) users.forEach(user => { + userMap[user.UUID] = user.username if (!orgMap[user.org_UUID]) { orgMap[user.org_UUID] = { shortname: `MISSING ORG ${user.org_UUID}`, users: {} } } 
@@ -122,7 +125,31 @@ async function getFilteredCveId (req, res, next) {
 cve_ids: pg.itemsList.map((i) => {
 const cnaid = i.requested_by.cna
 i.requested_by.cna = orgMap[cnaid].shortname
- i.requested_by.user = orgMap[cnaid].users[i.requested_by.user] ? orgMap[cnaid].users[i.requested_by.user] : 'REDACTED'
+
+ // User value is redacted in certain cases
+ // Checks if requested_by.user is in requested_by.cna org
+ if (!orgMap[cnaid].users[i.requested_by.user]) {
+ // Never redact for secretariat users
+ if (isSecretariat) {
+ i.requested_by.user = userMap[i.requested_by.user]
+ } else {
+ // Redact because requested_by.user is not in requested_by.cna org
+ i.requested_by.user = 'REDACTED'
+ }
+ // Check is current owning_cna is also requested_by.cna (if a CVE-ID changes orgs)
+ } else if (cnaid !== i.owning_cna) {
+ // Never redact for secretariat
+ if (isSecretariat) {
+ i.requested_by.user = userMap[i.requested_by.user]
+ } else {
+ // Redact because current owner is not requested_by.cna and shouldn't see requested_by.user
+ i.requested_by.user = 'REDACTED'
+ }
+ } else {
+ // No redaction, original requested_by.user is in requested_by.cna and owning_cna
+ i.requested_by.user = orgMap[cnaid].users[i.requested_by.user]
+ }
+
 i.owning_cna = orgMap[i.owning_cna].shortname
 return i
 })
diff --git a/test/integration-tests/constants.js b/test/integration-tests/constants.js
index 6aab5359..a869d8cb 100644
--- a/test/integration-tests/constants.js
+++ b/test/integration-tests/constants.js
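Review bot: In the `cve_ids` mapper of src/controller/cve-id.controller/cve-id.controller.js the username is revealed by the final `else` and by two identical `if (isSecretariat)` branches, so the redaction rule is spread over five paths; starting from `'REDACTED'` and revealing only on an explicit allow condition keeps the block fail-closed if another case is added later. For Secretariat callers `userMap[i.requested_by.user]` is `undefined` when the UUID has no user record, and the field would then presumably be omitted when the response is serialised, so that case deserves an explicit decision. `orgMap[cnaid]` and `orgMap[i.owning_cna]` are dereferenced without a guard, as in the context lines. `isSecretariat` and the rest of `getFilteredCveId` are defined outside the hunk.

```javascript
// … unchanged: cnaid lookup and requested_by.cna shortname …
const requesterId = i.requested_by.user
const orgUsername = orgMap[cnaid].users[requesterId]

// Default to redaction; reveal only on an explicit allow condition
let visibleUser = 'REDACTED'
if (orgUsername && cnaid === i.owning_cna) {
  // Requester is still in requested_by.cna and that org still owns the CVE-ID
  visibleUser = orgUsername
} else if (isSecretariat) {
  // Secretariat is never redacted, even after a user or CVE-ID changes orgs
  visibleUser = userMap[requesterId]
}
i.requested_by.user = visibleUser
// … unchanged: owning_cna shortname, return i …
```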
@@ -11,6 +11,18 @@ const nonSecretariatUserHeaders = { 'CVE-API-USER': 'jasminesmith@win_5.com' } +const nonSecretariatUserHeaders2 = { + 'CVE-API-ORG': 'win_5', + 'CVE-API-Key': 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3', + 'CVE-API-USER': 'win_5_admin@win_5.com' +} + +const nonSecretariatUserHeaders3 = { + 'CVE-API-ORG': 'evidence_15', + 'CVE-API-Key': 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3', + 'CVE-API-USER': 'timothymyers@evidence_15.com' +} + const nonSecretariatUserHeadersWithAdp2 = { 'CVE-API-ORG': 'range_4', 'CVE-API-Key': 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3', @@ -272,6 +284,8 @@ const existingOrg = { module.exports = { headers, nonSecretariatUserHeaders, + nonSecretariatUserHeaders2, + nonSecretariatUserHeaders3, badNonSecretariatUserHeaders, nonSecretariatUserHeadersWithAdp2, testCve, diff --git a/test/integration-tests/cve-id/getCveIdTest.js b/test/integration-tests/cve-id/getCveIdTest.js index fb9d3799..3209b822 100644 --- a/test/integration-tests/cve-id/getCveIdTest.js +++ b/test/integration-tests/cve-id/getCveIdTest.js @@ -110,7 +110,7 @@ describe('Testing Get CVE-ID endpoint', () => { expect(res).to.have.status(200) }) }) - it('Should redact requested_by.user values not in requested_by.cna org', async () => { + it('For non Secretariat users, should redact requested_by.user values not in requested_by.cna org', async () => { const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential') // change users org for testing 
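Review bot: `nonSecretariatUserHeaders2` and `nonSecretariatUserHeaders3` in test/integration-tests/constants.js each repeat the literal `'CVE-API-Key': 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3'` that the context lines already show for `nonSecretariatUserHeadersWithAdp2`. Hoisting it into one named constant with a comment stating its scope, e.g. `const TEST_API_KEY = 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3' // fixture key for the seeded test data`, gives secret scanners and reviewers a single, labelled place to check. Whether this key is accepted by any deployed environment cannot be told from the hunk and should be confirmed before more accounts are tied to it.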
@@ -118,7 +118,28 @@ describe('Testing Get CVE-ID endpoint', () => { await chai.request(app) .get('/api/cve-id?state=RESERVED') - .set(constants.headers) + .set(constants.nonSecretariatUserHeaders2) + .then(async (res, err) => { + const cveIdObject = _.find(res.body.cve_ids, obj => { + return obj.cve_id === cveId + }) + expect(err).to.be.undefined + expect(res).to.have.status(200) + expect(cveIdObject.requested_by.user).to.equal('REDACTED') + + // Reset user to original org + await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], 'mitre', 'win_5') + }) + }) + it('For non Secretariat users, should redact requested_by.user values when requested_by.cna is not owning_cna', async () => { + const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential') + + // change cve-id's owning_org for testing + await helpers.updateOwningOrgAsSecHelper(cveId, constants.nonSecretariatUserHeaders3['CVE-API-ORG']) + + await chai.request(app) + .get('/api/cve-id?state=RESERVED') + .set(constants.nonSecretariatUserHeaders3) .then(async (res, err) => { const cveIdObject = _.find(res.body.cve_ids, obj => { return obj.cve_id === cveId 
@@ -126,11 +147,47 @@ describe('Testing Get CVE-ID endpoint', () => { expect(err).to.be.undefined expect(res).to.have.status(200) expect(cveIdObject.requested_by.user).to.equal('REDACTED') + }) + }) + it('For Secretariat users, should redact requested_by.user values not in requested_by.cna org', async () => { + const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential') + + // change users org for testing + await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'mitre') + + await chai.request(app) + .get('/api/cve-id?state=RESERVED') + .set(constants.headers) + .then(async (res, err) => { + const cveIdObject = _.find(res.body.cve_ids, obj => { + return obj.cve_id === cveId + }) + expect(err).to.be.undefined + expect(res).to.have.status(200) + expect(cveIdObject.requested_by.user).to.equal(constants.nonSecretariatUserHeaders['CVE-API-USER']) // Reset user to original org await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], 'mitre', 'win_5') }) }) + it('For Secretariat users, should redact requested_by.user values when requested_by.cna is not owning_cna', async () => { + const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential') + + // change cve-id's owning_org for testing + await helpers.updateOwningOrgAsSecHelper(cveId, constants.nonSecretariatUserHeaders3['CVE-API-ORG']) + + await chai.request(app) + .get('/api/cve-id?state=RESERVED') + .set(constants.headers) + .then(async (res, err) => { + const cveIdObject = _.find(res.body.cve_ids, obj => { + return obj.cve_id === cveId + }) + expect(err).to.be.undefined + expect(res).to.have.status(200) + expect(cveIdObject.requested_by.user).to.equal(constants.nonSecretariatUserHeaders['CVE-API-USER']) + }) + }) }) context('negative tests', () => { it('Feb 29 2100 
should not be valid', async () => { diff --git a/test/integration-tests/helpers.js b/test/integration-tests/helpers.js index f0833878..4fd5cce6 100644 --- a/test/integration-tests/helpers.js +++ b/test/integration-tests/helpers.js @@ -106,6 +106,16 @@ async function userOrgUpdateAsSecHelper (userName, orgShortName, newOrgShortName }) } +async function updateOwningOrgAsSecHelper (cveId, newOrgShortName) { + await chai.request(app) + .put(`/api/cve-id/${cveId}?org=${newOrgShortName}`) + .set(constants.headers) + .then((res, err) => { + // Safety Expect + expect(res).to.have.status(200) + }) +} + module.exports = { cveIdReserveHelper, cveIdBulkReserveHelper, @@ -115,5 +125,6 @@ module.exports = { cveUpdatetAsCnaHelperWithCnaContainer, cveUpdateAsSecHelper, cveUpdateAsCnaHelperWithAdpContainer, - userOrgUpdateAsSecHelper + userOrgUpdateAsSecHelper, + updateOwningOrgAsSecHelper } From 135694707b1d3c9b2d00faeaed4ef306c09c36a4 Mon Sep 17 00:00:00 2001 From: "Daigneau, Jeremy T" Date: Wed, 14 Feb 2024 09:36:46 -0500 Subject: [PATCH 4/5] Updated version number to 2.2.1 --- api-docs/openapi.json | 6636 ++++++++++++++++++++--------------------- package-lock.json | 6 +- package.json | 4 +- src/swagger.js | 2 +- 4 files changed, 3324 insertions(+), 3324 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index 99dd1438..5b349680 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,3480 +1,3480 @@ { - "openapi": "3.0.2", - "info": { - "version": "2.2.0", - "title": "CVE Services API", - "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.0 CVE Record format. Details of the JSON 5.0 schema are located here.

Contact the CVE Services team", - "contact": { - "name": "CVE Services Overview", - "url": "https://cveproject.github.io/automation-cve-services#services-overview" - } - }, - "servers": [ - { - "url": "https://cveawg-dev.mitre.org/api" - } - ], - "paths": { - "/cve-id": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", - "operationId": "cveIdGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveIdGetFilteredState" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/list-cve-ids-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter 
(accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", - "operationId": "cveIdReserve", - "parameters": [ - { - "$ref": "#/components/parameters/amount" - }, - { - "$ref": "#/components/parameters/batch_type" - }, - { - "$ref": "#/components/parameters/cve_year" - }, - { - "$ref": "#/components/parameters/short_name" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A list of the newly reserved CVE IDs", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-response.json" - } - } - } - }, - "206": { - "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "openapi": "3.0.2", + "info": { + "version": "2.2.1", + "title": "CVE Services API", + "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. 
Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.0 CVE Record format. Details of the JSON 5.0 schema are located here.

Contact the CVE Services team", + "contact": { + "name": "CVE Services Overview", + "url": "https://cveproject.github.io/automation-cve-services#services-overview" } - } }, - "/cve-id/{id}": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about the specified CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", - "operationId": "cveIdGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID information to retrieve" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The requested CVE ID information is returned", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/get-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "put": { - "tags": [ - "CVE ID" - ], - "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", - "operationId": "cveIdUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID to update" - }, - { - "$ref": "#/components/parameters/org" - }, - { - "$ref": "#/components/parameters/state" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE ID information is returned", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/update-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve-id-range/{year}": { - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", - "operationId": "cveIdRangeCreate", - "parameters": [ - { - "name": "year", - "in": "path", - "required": true, - "schema": { - "type": "integer" - }, - "description": "The year of the CVE-ID-Range" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE-ID-Range was created" - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve/{id}": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Returns a CVE Record by CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", - "operationId": "cveGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the Record to be retrieved" - } - ], - "responses": { - "200": { - "description": "The requested CVE Record", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "servers": [ + { + "url": "https://cveawg-dev.mitre.org/api" + } + ], + "paths": { + "/cve-id": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", + "operationId": "cveIdGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveIdGetFilteredState" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, { - "$ref": "../schemas/cve/get-cve-record-response.json" + "$ref": "#/components/parameters/apiEntityHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/list-cve-ids-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } } - ] - }, - "examples": { - 
"Published Record": { - "$ref": "#/components/examples/publishedRecord" - }, - "Rejected Record": { - "$ref": "#/components/examples/rejectedRecord" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. 
Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", + "operationId": "cveIdReserve", + "parameters": [ + { + "$ref": "#/components/parameters/amount" + }, + { + "$ref": "#/components/parameters/batch_type" + }, + { + "$ref": "#/components/parameters/cve_year" + }, + { + "$ref": "#/components/parameters/short_name" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A list of the newly reserved CVE IDs", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-response.json" + } + } + } + }, + "206": { + "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current 
time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve-id/{id}": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about the specified CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", + "operationId": "cveIdGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID information to retrieve" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The requested CVE ID information is returned", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/get-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - } - }, - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", - "operationId": "cveSubmit", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being submitted" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE ID" + ], + "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", + "operationId": "cveIdUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID to update" + }, + { + "$ref": "#/components/parameters/org" + }, + { + "$ref": "#/components/parameters/state" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE ID information is returned", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/update-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", - "operationId": "cveUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve-id-range/{year}": { + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", + "operationId": "cveIdRangeCreate", + "parameters": [ + { + "name": "year", + "in": "path", + "required": true, + "schema": { + "type": "integer" + }, + "description": "The year of the CVE-ID-Range" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE-ID-Range was created" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Returns a CVE Record by CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", + "operationId": "cveGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the Record to be retrieved" + } + ], + "responses": { + "200": { + "description": "The requested CVE Record", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/get-cve-record-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + }, + "examples": { + "Published Record": { + "$ref": "#/components/examples/publishedRecord" + }, + "Rejected Record": { + "$ref": "#/components/examples/rejectedRecord" + } + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." 
+ }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - } - }, - "/cve": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + }, + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", + "operationId": "cveSubmit", + "parameters": [ { - "$ref": "../schemas/cve/list-cve-records-response.json" + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being submitted" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve_cursor": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFilteredCursor", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - }, - { - "$ref": "#/components/parameters/nextPage" - }, - { - "$ref": "#/components/parameters/previousPage" - }, - { - "$ref": "#/components/parameters/limit" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "$ref": "#/components/parameters/apiEntityHeader" + }, { - "$ref": "../schemas/cve/cursor-cve-records-response.json" + "$ref": "#/components/parameters/apiUserHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + 
"schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" } - } - } - } - } - } - }, - "/cve/{id}/cna": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", - "operationId": "cveCnaCreateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being created" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", + "operationId": "cveUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveCnaUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/list-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - } - }, - "/cve/{id}/reject": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaCreateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve_cursor": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFilteredCursor", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + }, + { + "$ref": "#/components/parameters/nextPage" + }, + { + "$ref": "#/components/parameters/previousPage" + }, + { + "$ref": "#/components/parameters/limit" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/cursor-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaUpdateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve/{id}/cna": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", + "operationId": "cveCnaCreateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being created" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-request.json" - } - } - } - } - } - }, - "/cve/{id}/adp": { - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveAdpUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveCnaUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/create-adp-record-adp-request.json" - } - } - } - } - } - }, - "/org": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves all organizations (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", - "operationId": "orgAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/list-orgs-response.json" + "/cve/{id}/reject": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaCreateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-request.json" + } + } + } } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaUpdateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-request.json" + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}/adp": { + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveAdpUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/create-adp-record-adp-request.json" + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves all organizations (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", + "operationId": "orgAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/list-orgs-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "post": { + "tags": [ + "Organization" + ], + "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", + "operationId": "orgCreateSingle", + "parameters": [ + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-request.json" + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{identifier}": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", + "operationId": "orgSingle", + "parameters": [ + { + "name": "identifier", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname or UUID of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the organization information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } - } - }, - "post": { - "tags": [ - "Organization" - ], - "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", - "operationId": "orgCreateSingle", - "parameters": [ - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-response.json" + }, + "/org/{shortname}": { + "put": { + "tags": [ + "Organization" + ], + "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", + "operationId": "orgUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/id_quota" + }, + { + "$ref": "#/components/parameters/name" + }, + { + "$ref": "#/components/parameters/newShortname" + }, + { + "$ref": "#/components/parameters/active_roles_add" + }, + { + "$ref": "#/components/parameters/active_roles_remove" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization updated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/update-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "/org/{shortname}/id_quota": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves an organization's CVE ID quota 
(accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", + "operationId": "orgIdQuota", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the CVE ID quota for an organization", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-quota-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", + "operationId": "userOrgAll", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user": { + "post": { + "tags": [ + "Users" + ], + "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", + "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", + "operationId": "userCreateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new user information (with the secret)", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-request.json" + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user/{username}": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", + "operationId": "userSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the specified user", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/get-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "put": { + "tags": [ + "Users" + ], + "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", + "operationId": "userUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/active" + }, + { + "$ref": "#/components/parameters/activeUserRolesAdd" + }, + { + "$ref": "#/components/parameters/activeUserRolesRemove" + }, + { + "$ref": "#/components/parameters/nameFirst" + }, + { + "$ref": "#/components/parameters/nameLast" + }, + { + "$ref": "#/components/parameters/nameMiddle" + }, + { + "$ref": "#/components/parameters/nameSuffix" + }, + { + "$ref": "#/components/parameters/newUsername" + }, + { + "$ref": "#/components/parameters/orgShortname" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the updated user information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/update-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": 
{ + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-request.json" - } - } - } - } - } - }, - "/org/{identifier}": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", - "operationId": "orgSingle", - "parameters": [ - { - "name": "identifier", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname or UUID of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the organization information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/org/{shortname}/user/{username}/reset_secret": { + "put": { + "tags": [ + "Users" + ], + "summary": "Reset the API key for a user (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", + "operationId": "userResetSecret", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new API key", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/reset-secret-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about all registered users (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", + "operationId": "userAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users, along with pagination fields if results span multiple pages of data.", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/health-check": { + "get": { + "tags": [ + "Utilities" + ], + "summary": "Checks that the system is running (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", + "operationId": "healthCheck", + "parameters": [], + "responses": { + "200": { + "description": "Returns a 200 response code" + } } - } } - } } - } }, - "/org/{shortname}": { - "put": { - "tags": [ - "Organization" - ], - "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", - "operationId": "orgUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/id_quota" - }, - { - "$ref": "#/components/parameters/name" - }, - { - "$ref": "#/components/parameters/newShortname" - }, - { - "$ref": "#/components/parameters/active_roles_add" - }, - { - "$ref": "#/components/parameters/active_roles_remove" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization updated", - "content": { - "application/json": { + "components": { + "parameters": { + "active": { + "in": "query", + "name": "active", + "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/org/update-org-response.json" + "type": "boolean" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "active_roles_add": { + 
"in": "query", + "name": "active_roles.add", + "description": "Add an active role to the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - } - } - } - }, - "/org/{shortname}/id_quota": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves an organization's CVE ID quota (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", - "operationId": "orgIdQuota", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the CVE ID quota for an organization", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-quota-response.json" + "active_roles_remove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "activeUserRolesAdd": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "activeUserRolesRemove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "apiEntityHeader": { + "in": "header", + "name": "CVE-API-ORG", + "description": "The shortname for the organization associated with the user requesting authentication", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not 
Found", - "content": { - "application/json": { + }, + "apiUserHeader": { + "in": "header", + "name": "CVE-API-USER", + "description": "The username for the account making the request", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "apiSecretHeader": { + "in": "header", + "name": "CVE-API-KEY", + "description": "The user's API key", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", - "operationId": "userOrgAll", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { + "amount": { + "in": "query", + "name": "amount", + "description": "Quantity of CVE IDs to reserve", + "required": true, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "assigner": { + "in": "query", + "name": "assigner", + "description": "Filter by assigner org UUID", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "assignerShortName": { + "in": "query", + "name": "assigner_short_name", + "description": "Filter by assignerShortName", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "batch_type": { + "in": "query", + "name": "batch_type", + "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", + "required": false, + "schema": { + "type": "string", + "enum": [ + "sequential", + "non-sequential", + "nonsequential" + ] } - } - } - }, 
- "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "countOnly": { + "in": "query", + "name": "count_only", + "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nextPage": { + "in": "query", + "name": "next_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user": { - "post": { - "tags": [ - "Users" - ], - "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", - "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", - "operationId": "userCreateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new user information (with the secret)", - "content": { - "application/json": { + "previousPage": { + "in": "query", + "name": "previous_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/user/create-user-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "limit": { + "in": "query", + "name": "limit", + "description": "CVE records to return per page. Must be between 1-500. ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "integer" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cnaModified": { + "in": "query", + "name": "cna_modified", + "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. 
Requires at least one time_modified parameter set", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "adpShortName": { + "in": "query", + "name": "adp_short_name", + "description": "Only get CVE records that have an adpContainer owned by this org.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "cveState": { + "in": "query", + "name": "state", + "description": "Filter by state", + "schema": { + "type": "string", + "enum": [ + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cve_year": { + "in": "query", + "name": "cve_year", + "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32" } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-request.json" - } - } - } - } - } - }, - "/org/{shortname}/user/{username}": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", - "operationId": "userSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the specified user", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/get-user-response.json" + "cveIdGetFilteredState": { + "in": "query", + "name": "state", + "description": "Filter by state ", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveIdGetFilteredCveIdYear": { + "in": "query", + "name": "cve_id_year", + "description": "Filter by the year of the CVE IDs", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedLt": { + "in": "query", + "name": "time_reserved.lt", + "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedGt": { + "in": "query", + "name": "time_reserved.gt", + "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - } - } - }, - "put": { - "tags": [ - "Users" - ], - "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", - "operationId": "userUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/active" - }, - { - "$ref": "#/components/parameters/activeUserRolesAdd" - }, - { - "$ref": "#/components/parameters/activeUserRolesRemove" - }, - { - "$ref": "#/components/parameters/nameFirst" - }, - { - "$ref": "#/components/parameters/nameLast" - }, - { - "$ref": "#/components/parameters/nameMiddle" - }, - { - "$ref": "#/components/parameters/nameSuffix" - }, - { - "$ref": "#/components/parameters/newUsername" - }, - { - "$ref": "#/components/parameters/orgShortname" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the updated user information", - "content": { - "application/json": { + "cveRecordFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/user/update-user-response.json" + "type": "string", + "format": "date-time" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveRecordFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string", + "format": "date-time" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "id_quota": { + "in": "query", + "name": "id_quota", + "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100000 } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "name": { + "in": "query", + "name": "name", + "description": "The new name for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "nameFirst": { + "in": "query", + "name": "name.first", + "description": "The new first name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nameLast": { + "in": "query", + "name": "name.last", + "description": "The new last name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user/{username}/reset_secret": { - "put": { - "tags": [ - "Users" - ], - "summary": "Reset the API key for a user (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", - "operationId": "userResetSecret", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new API key", - "content": { - "application/json": { + "nameMiddle": { + "in": "query", + "name": "name.middle", + "description": "The new middle name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/user/reset-secret-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "nameSuffix": { + "in": "query", + "name": "name.suffix", + "description": "The new suffix for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "newShortname": { + "in": "query", + "name": "new_short_name", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "newUsername": { + "in": "query", + "name": "new_username", + "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "org": { + "in": "query", + "name": "org", + "description": "The shortname of the new owning_cna for the CVE ID", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "orgShortname": { + "in": "query", + "name": "org_short_name", + "description": "The new organization for the user", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about all registered users (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", - "operationId": "userAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users, along with pagination fields if results span multiple pages of data.", - "content": { - "application/json": { + }, + "pageQuery": { + "in": "query", + "name": "page", + "description": "The current page in the paginator", + "required": false, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32", + "minimum": 1 } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "short_name": { + "in": "query", + "name": "short_name", + "description": "The CNA that will own the reserved CVE IDs", + "required": true, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "shortname": { + "in": "query", + "name": "shortname", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "state": { + "in": "query", + "name": "state", + "description": "The new state for the CVE ID", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "REJECTED" + ] } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "examples": { + "publishedRecord": { + "value": { + "containers": { + "cna": { + "affected": [ + { + "vendor": "string", + 
"product": "string", + "versions": [ + { + "version": "string", + "status": "string" + } + ] + } + ], + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "string", + "lang": "string", + "type": "string" + } + ] + } + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:26:39.293Z" + }, + "references": [ + { + "name": "string", + "tags": [ + "string" + ], + "url": "string" + } + ] + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "rejectedRecord": { + "value": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - } - } - } - }, - "/health-check": { - "get": { - "tags": [ - "Utilities" - ], - "summary": "Checks that the system is running (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", - "operationId": "healthCheck", - "parameters": [], - "responses": { - "200": { - "description": "Returns a 200 response code" - } - } - } - } - }, - "components": { - "parameters": { - "active": { - "in": "query", - "name": "active", - "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "active_roles_add": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "active_roles_remove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "activeUserRolesAdd": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "activeUserRolesRemove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "apiEntityHeader": { - "in": "header", - "name": "CVE-API-ORG", - "description": "The shortname for the organization associated with the user requesting authentication", - "required": true, - "schema": { - "type": "string" - } - }, - "apiUserHeader": { - "in": "header", - "name": "CVE-API-USER", - "description": "The username for the account making the request", - "required": true, - "schema": { - "type": "string" - } - }, - "apiSecretHeader": { - "in": "header", - "name": "CVE-API-KEY", - "description": "The user's API key", - "required": true, - "schema": { - "type": "string" - } - }, - "amount": { - "in": 
"query", - "name": "amount", - "description": "Quantity of CVE IDs to reserve", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "assigner": { - "in": "query", - "name": "assigner", - "description": "Filter by assigner org UUID", - "required": false, - "schema": { - "type": "string" - } - }, - "assignerShortName": { - "in": "query", - "name": "assigner_short_name", - "description": "Filter by assignerShortName", - "required": false, - "schema": { - "type": "string" - } - }, - "batch_type": { - "in": "query", - "name": "batch_type", - "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", - "required": false, - "schema": { - "type": "string", - "enum": [ - "sequential", - "non-sequential", - "nonsequential" - ] - } - }, - "countOnly": { - "in": "query", - "name": "count_only", - "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "nextPage": { - "in": "query", - "name": "next_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "previousPage": { - "in": "query", - "name": "previous_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "limit": { - "in": "query", - "name": "limit", - "description": "CVE records to return per page. Must be between 1-500. 
", - "required": false, - "schema": { - "type": "integer" - } - }, - "cnaModified": { - "in": "query", - "name": "cna_modified", - "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", - "required": false, - "schema": { - "type": "boolean" - } - }, - "adpShortName": { - "in": "query", - "name": "adp_short_name", - "description": "Only get CVE records that have an adpContainer owned by this org.", - "required": false, - "schema": { - "type": "string" - } - }, - "cveState": { - "in": "query", - "name": "state", - "description": "Filter by state", - "schema": { - "type": "string", - "enum": [ - "PUBLISHED", - "REJECTED" - ] - } - }, - "cve_year": { - "in": "query", - "name": "cve_year", - "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "cveIdGetFilteredState": { - "in": "query", - "name": "state", - "description": "Filter by state ", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "PUBLISHED", - "REJECTED" - ] - } - }, - "cveIdGetFilteredCveIdYear": { - "in": "query", - "name": "cve_id_year", - "description": "Filter by the year of the CVE IDs", - "required": false, - "schema": { - "type": "string" - } - }, - "cveIdGetFilteredTimeReservedLt": { - "in": "query", - "name": "time_reserved.lt", - "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeReservedGt": { - "in": "query", - "name": "time_reserved.gt", - "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "id_quota": { - "in": "query", - "name": "id_quota", - "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 0, - "maximum": 100000 - } - }, - "name": { - "in": "query", - "name": "name", - "description": "The new name for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "nameFirst": { - "in": "query", - "name": "name.first", - "description": "The new first name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameLast": { - "in": "query", - "name": "name.last", - "description": "The new last name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameMiddle": { - "in": "query", - "name": "name.middle", - "description": "The new middle name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameSuffix": { - "in": "query", - "name": "name.suffix", - "description": "The new suffix for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "newShortname": { - "in": "query", - "name": "new_short_name", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "newUsername": { - "in": "query", - "name": "new_username", - "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", - "required": false, - "schema": { - "type": "string" - } - }, - "org": { - "in": "query", - "name": "org", - "description": "The shortname of the new owning_cna for the CVE ID", - "required": false, - "schema": { - "type": "string" - } - }, - "orgShortname": { - "in": "query", - "name": "org_short_name", - "description": "The new organization for the user", - "required": false, - "schema": { - "type": "string" - } - }, - "pageQuery": { - "in": "query", - "name": "page", - "description": "The current page in the paginator", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 1 - } - }, - "short_name": { - "in": "query", - "name": "short_name", - "description": "The CNA that will own the reserved CVE IDs", - "required": true, - "schema": { - "type": "string" - } - }, - "shortname": { - "in": "query", - "name": "shortname", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "state": { - "in": "query", - "name": "state", - "description": "The new state for the CVE ID", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "REJECTED" - ] - } - } - }, - "examples": { - "publishedRecord": { - "value": { - "containers": { - "cna": { - "affected": [ - { - "vendor": "string", - "product": "string", - "versions": [ - { - "version": "string", - "status": "string" - } - ] - } - ], - "descriptions": [ - { - "lang": "string", - "value": "string" - } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "string", - "lang": "string", - "type": "string" - } - ] - } - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:26:39.293Z" - }, - "references": [ - { - "name": "string", - "tags": [ - "string" - ], - "url": "string" - } - ] - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": 
"string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedRecord": { - "value": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" + }, + "rejectedCreateCVERecord": { + "value": { + "message": "string", + "created": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedCreateCVERecord": { - "value": { - "message": "string", - "created": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": 
"2022-05-13T14:27:39.617Z" } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } + } } - } } - } } \ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index b07c98a0..aa417ced 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "cve-services", - "version": "2.2.0", + "version": "2.2.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cve-services", - "version": "2.2.0", + "version": "2.2.1", "license": "(CC0)", "dependencies": { "ajv": "^8.6.2",
@@ -18194,4 +18194,4 @@ "dev": true } } -} +} \ No newline at end of file
diff --git a/package.json b/package.json
index a44d1aa3..16b32dfc 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "cve-services",
 "author": "Automation Working Group",
- "version": "2.2.0",
+ "version": "2.2.1",
 "license": "(CC0)",
 "devDependencies": {
 "@faker-js/faker": "^7.6.0",
@@ -100,4 +100,4 @@
 "test:coverage-html": "NODE_ENV=test nyc --reporter=html mocha src/* --recursive --exit || true",
 "test:scripts": "NODE_ENV=development node-dev src/scripts/templateScript.js"
 }
-}
+}
\ No newline at end of file
diff --git a/src/swagger.js b/src/swagger.js
index 938e91fb..b7df5d4c 100644
--- a/src/swagger.js
+++ b/src/swagger.js
@@ -14,7 +14,7 @@ const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-exam
 /* eslint-disable no-multi-str */
 const doc = {
 info: {
- version: '2.2.0',
+ version: '2.2.1',
 title: 'CVE Services API',
 description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \
 required for most service endpoints. Representatives of \
From fe7f76531adbdca2d3790d6caf5127f786b49e87 Mon Sep 17 00:00:00 2001
From: "Daigneau, Jeremy T" Date: Wed, 14 Feb 2024 09:49:54 -0500 Subject: [PATCH 5/5] updated generated openapi --- api-docs/openapi.json | 6630 ++++++++++++++++++++--------------------- 1 file changed, 3315 insertions(+), 3315 deletions(-) diff --git a/api-docs/openapi.json b/api-docs/openapi.json index 5b349680..6652bd13 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,3480 +1,3480 @@ { - "openapi": "3.0.2", - "info": { - "version": "2.2.1", - "title": "CVE Services API", - "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.0 CVE Record format. Details of the JSON 5.0 schema are located here.

Contact the CVE Services team", - "contact": { - "name": "CVE Services Overview", - "url": "https://cveproject.github.io/automation-cve-services#services-overview" + "openapi": "3.0.2", + "info": { + "version": "2.2.1", + "title": "CVE Services API", + "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:
  • If your organization already has an Organizational Administrator (OA) account for the CVE Services, ask your admin for credentials
  • Contact your Root (Google, INCIBE, JPCERT/CC, or Red Hat) or Top-Level Root (CISA ICS or MITRE) to request credentials

CVE data is to be in the JSON 5.0 CVE Record format. Details of the JSON 5.0 schema are located here.

Contact the CVE Services team", + "contact": { + "name": "CVE Services Overview", + "url": "https://cveproject.github.io/automation-cve-services#services-overview" + } + }, + "servers": [ + { + "url": "https://cveawg-dev.mitre.org/api" + } + ], + "paths": { + "/cve-id": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", + "operationId": "cveIdGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveIdGetFilteredState" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/list-cve-ids-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } + }, + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter 
(accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", + "operationId": "cveIdReserve", + "parameters": [ + { + "$ref": "#/components/parameters/amount" + }, + { + "$ref": "#/components/parameters/batch_type" + }, + { + "$ref": "#/components/parameters/cve_year" + }, + { + "$ref": "#/components/parameters/short_name" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A list of the newly reserved CVE IDs", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-response.json" + } + } + } + }, + "206": { + "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } }, - "servers": [ - { - "url": "https://cveawg-dev.mitre.org/api" - } - ], - "paths": { - "/cve-id": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about CVE IDs after applying the query 
parameters as filters (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", - "operationId": "cveIdGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveIdGetFilteredState" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/list-cve-ids-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "/cve-id/{id}": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about the specified CVE ID (accessible to all users)", 
+ "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", + "operationId": "cveIdGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID information to retrieve" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The requested CVE ID information is returned", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/get-cve-id-response.json" } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", - "operationId": "cveIdReserve", - "parameters": [ - { - "$ref": "#/components/parameters/amount" - }, - { - "$ref": "#/components/parameters/batch_type" - }, - { - "$ref": "#/components/parameters/cve_year" - }, - { - "$ref": "#/components/parameters/short_name" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A list of the newly reserved CVE IDs", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-response.json" - } - } - } - }, - "206": { - "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } + } } - }, - "/cve-id/{id}": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about the specified CVE 
ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", - "operationId": "cveIdGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID information to retrieve" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The requested CVE ID information is returned", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/get-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "401": { + "description": "Not Authenticated", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "put": { - "tags": [ - "CVE ID" - ], - "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", - "operationId": "cveIdUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID to update" - }, - { - "$ref": "#/components/parameters/org" - }, - { - "$ref": "#/components/parameters/state" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE ID information is returned", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/update-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/cve-id-range/{year}": { - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", - "operationId": "cveIdRangeCreate", - "parameters": [ - { - "name": "year", - "in": "path", - "required": true, - "schema": { - "type": "integer" - }, - "description": "The year of the CVE-ID-Range" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE-ID-Range was created" - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/cve/{id}": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Returns a CVE Record by CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", - "operationId": "cveGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the Record to be retrieved" - } - ], - "responses": { - "200": { - "description": "The requested CVE Record", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/get-cve-record-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - }, - "examples": { - "Published Record": { - "$ref": "#/components/examples/publishedRecord" - }, - "Rejected Record": { - "$ref": "#/components/examples/rejectedRecord" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." 
- }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. 
Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } }, - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", - "operationId": "cveSubmit", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being submitted" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "put": { + "tags": [ + "CVE ID" + ], + "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", + "operationId": "cveIdUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID to update" + }, + { + "$ref": "#/components/parameters/org" + }, + { + "$ref": "#/components/parameters/state" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE ID information is returned", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/update-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve-id-range/{year}": { + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", + "operationId": "cveIdRangeCreate", + "parameters": [ + { + "name": "year", + "in": "path", + "required": true, + "schema": { + "type": "integer" + }, + "description": "The year of the CVE-ID-Range" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE-ID-Range was created" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve/{id}": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Returns a CVE Record by CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", + "operationId": "cveGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the Record to be retrieved" + } + ], + "responses": { + "200": { + "description": "The requested CVE Record", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/apiUserHeader" + "$ref": "../schemas/cve/get-cve-record-response.json" }, { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } + "examples": { + "Published Record": { + "$ref": "#/components/examples/publishedRecord" + }, + "Rejected Record": { + "$ref": "#/components/examples/rejectedRecord" + } + } + } + } + }, + "400": { + "description": "Bad 
Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." 
+ }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", + "operationId": "cveSubmit", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being submitted" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", + "operationId": "cveUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", - "operationId": "cveUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } + "description": "The CVE ID for the record being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": 
"../schemas/cve/update-full-cve-record-response.json" } + } } - }, - "/cve": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/list-cve-records-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + 
"403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/cve_cursor": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFilteredCursor", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - }, - { - "$ref": "#/components/parameters/nextPage" - }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } + } + } + }, + "/cve": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/previousPage" + "$ref": "../schemas/cve/list-cve-records-response.json" }, { - "$ref": "#/components/parameters/limit" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ - { - "$ref": "../schemas/cve/cursor-cve-records-response.json" - }, - { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - 
"$ref": "../schemas/errors/generic.json" - } - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] } + } } - }, - "/cve/{id}/cna": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", - "operationId": "cveCnaCreateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being created" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/cve_cursor": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFilteredCursor", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + }, + { + "$ref": "#/components/parameters/nextPage" + }, + { + "$ref": "#/components/parameters/previousPage" + }, + { + "$ref": "#/components/parameters/limit" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ { - "$ref": "#/components/parameters/apiUserHeader" + "$ref": "../schemas/cve/cursor-cve-records-response.json" }, { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", 
- "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/cve/{id}/cna": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", + "operationId": "cveCnaCreateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveCnaUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } + "description": "The CVE ID for the record being created" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/cve/{id}/reject": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaCreateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-request.json" - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveCnaUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } + } + } + }, + "/cve/{id}/reject": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaCreateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaUpdateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-request.json" - } - } - } + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-request.json" + } + } + } + } + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaUpdateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-response.json" } + } } - }, - "/cve/{id}/adp": { - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveAdpUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/create-adp-record-adp-request.json" - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } + } } - }, - "/org": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves all organizations (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", - "operationId": "orgAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/list-orgs-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "post": { - "tags": [ - "Organization" - ], - "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", - "operationId": "orgCreateSingle", - "parameters": [ - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-request.json" - } - } - } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{identifier}": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", - "operationId": "orgSingle", - "parameters": [ - { - "name": "identifier", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname or UUID of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the organization information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{shortname}": { - "put": { - "tags": [ - "Organization" - ], - "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", - "operationId": "orgUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/id_quota" - }, - { - "$ref": "#/components/parameters/name" - }, - { - "$ref": "#/components/parameters/newShortname" - }, - { - "$ref": "#/components/parameters/active_roles_add" - }, - { - "$ref": "#/components/parameters/active_roles_remove" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization updated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/update-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } + } }, - "/org/{shortname}/id_quota": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves an organization's CVE 
ID quota (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", - "operationId": "orgIdQuota", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the CVE ID quota for an organization", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-quota-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-request.json" + } + } + } + } + } + }, + "/cve/{id}/adp": { + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveAdpUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/update-full-cve-record-response.json" } + } } - }, - "/org/{shortname}/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", - "operationId": "userOrgAll", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/list-users-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/bad-request.json" } + } } - }, - "/org/{shortname}/user": { - "post": { - "tags": [ - "Users" - ], - "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", - "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", - "operationId": "userCreateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new user information (with the secret)", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-request.json" - } - } - } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + 
"$ref": "/schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" } + } } + } }, - "/org/{shortname}/user/{username}": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", - "operationId": "userSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the specified user", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/get-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/create-adp-record-adp-request.json" + } + } + } + } + } + }, + "/org": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves all organizations (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", + "operationId": "orgAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/list-orgs-response.json" } - }, - "put": { - "tags": [ - "Users" - ], - "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", - "operationId": "userUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/active" - }, - { - "$ref": "#/components/parameters/activeUserRolesAdd" - }, - { - "$ref": "#/components/parameters/activeUserRolesRemove" - }, - { - "$ref": "#/components/parameters/nameFirst" - }, - { - "$ref": "#/components/parameters/nameLast" - }, - { - "$ref": "#/components/parameters/nameMiddle" - }, - { - "$ref": "#/components/parameters/nameSuffix" - }, - { - "$ref": "#/components/parameters/newUsername" - }, - { - "$ref": "#/components/parameters/orgShortname" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the updated user information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/update-user-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": 
{ - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + }, + "post": { + "tags": [ + "Organization" + ], + "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", + "operationId": "orgCreateSingle", + "parameters": [ + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/org/{shortname}/user/{username}/reset_secret": { - "put": { - "tags": [ - "Users" - ], - "summary": "Reset the API key for a user (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", - "operationId": "userResetSecret", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new API key", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/reset-secret-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about all registered users (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", - "operationId": "userAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users, along with pagination fields if results span multiple pages of data.", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/list-users-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } } - }, - "/health-check": { - "get": { - "tags": [ - "Utilities" - ], - "summary": "Checks that the system is running (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", - "operationId": "healthCheck", - "parameters": [], - "responses": { - "200": { - "description": "Returns a 200 response code" - } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-request.json" + } } + } } + } }, - "components": { - "parameters": { - "active": { - "in": "query", - "name": "active", - "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, + "/org/{identifier}": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", + "operationId": "orgSingle", + "parameters": [ + { + "name": "identifier", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname or UUID of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the organization information", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/org/get-org-response.json" } - }, - "active_roles_add": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" } - }, - "active_roles_remove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "activeUserRolesAdd": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "activeUserRolesRemove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] + } + } + }, + 
"404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "apiEntityHeader": { - "in": "header", - "name": "CVE-API-ORG", - "description": "The shortname for the organization associated with the user requesting authentication", - "required": true, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}": { + "put": { + "tags": [ + "Organization" + ], + "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", + "operationId": "orgUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "apiUserHeader": { - "in": "header", - "name": "CVE-API-USER", - "description": "The username for the account making the request", - "required": true, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/id_quota" + }, + { + "$ref": "#/components/parameters/name" + }, + { + "$ref": "#/components/parameters/newShortname" + }, + { + "$ref": "#/components/parameters/active_roles_add" + }, + { + "$ref": "#/components/parameters/active_roles_remove" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization updated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/org/update-org-response.json" } - }, - "apiSecretHeader": { - "in": "header", - "name": "CVE-API-KEY", - "description": "The user's API key", - "required": true, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "amount": { - "in": "query", - "name": "amount", - "description": "Quantity of CVE IDs to reserve", - "required": true, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32" + "$ref": "../schemas/errors/generic.json" } - }, - "assigner": { - "in": "query", - "name": "assigner", - "description": "Filter by assigner org UUID", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - 
"assignerShortName": { - "in": "query", - "name": "assigner_short_name", - "description": "Filter by assignerShortName", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "batch_type": { - "in": "query", - "name": "batch_type", - "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", - "required": false, - "schema": { - "type": "string", - "enum": [ - "sequential", - "non-sequential", - "nonsequential" - ] + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/id_quota": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves an organization's CVE ID quota (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", + "operationId": "orgIdQuota", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "countOnly": { - "in": "query", - "name": "count_only", - "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the CVE ID quota for an organization", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/org/get-org-quota-response.json" } - }, - "nextPage": { - "in": "query", - "name": "next_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "previousPage": { - "in": "query", - "name": "previous_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "limit": { - "in": "query", - "name": "limit", - "description": "CVE records to return per page. Must be between 1-500. 
", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "integer" + "$ref": "../schemas/errors/generic.json" } - }, - "cnaModified": { - "in": "query", - "name": "cna_modified", - "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "boolean" + "$ref": "../schemas/errors/generic.json" } - }, - "adpShortName": { - "in": "query", - "name": "adp_short_name", - "description": "Only get CVE records that have an adpContainer owned by this org.", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", + "operationId": "userOrgAll", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "cveState": { - "in": "query", - "name": "state", - "description": "Filter by state", - "schema": { - "type": "string", - "enum": [ - "PUBLISHED", - "REJECTED" - ] + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" } - }, - "cve_year": { - "in": "query", - "name": "cve_year", - "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", - "required": true, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32" + "$ref": "../schemas/errors/bad-request.json" } - }, - "cveIdGetFilteredState": { - "in": "query", - "name": "state", - "description": "Filter by state ", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "PUBLISHED", - "REJECTED" - ] + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredCveIdYear": { - "in": "query", - "name": "cve_id_year", - "description": "Filter by the year of the CVE IDs", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredTimeReservedLt": { 
- "in": "query", - "name": "time_reserved.lt", - "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "cveIdGetFilteredTimeReservedGt": { - "in": "query", - "name": "time_reserved.gt", - "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/org/{shortname}/user": { + "post": { + "tags": [ + "Users" + ], + "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", + "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", + "operationId": "userCreateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "cveIdGetFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new user information (with the secret)", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/user/create-user-response.json" } - }, - "cveIdGetFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/bad-request.json" } - }, - "cveRecordFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "cveRecordFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string", - "format": "date-time" + "$ref": "../schemas/errors/generic.json" } - }, - "id_quota": { - "in": "query", - "name": "id_quota", - "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "integer", - "format": "int32", - "minimum": 0, - "maximum": 100000 + "$ref": "../schemas/errors/generic.json" } - }, - "name": { - "in": "query", - "name": "name", - "description": "The new name for the organization", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-request.json" + } + } + } + } + } + }, + "/org/{shortname}/user/{username}": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", + "operationId": "userSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "nameFirst": { - "in": "query", - "name": "name.first", - "description": "The new first name for the user entry", - "required": false, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the specified user", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/user/get-user-response.json" } - }, - "nameLast": { - "in": "query", - "name": "name.last", - "description": "The new last name for the user entry", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "nameMiddle": { - "in": "query", - "name": "name.middle", - "description": "The new middle name for the user entry", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "nameSuffix": { - "in": "query", - "name": "name.suffix", - "description": "The new suffix for the user entry", - "required": false, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "newShortname": { - "in": "query", - "name": "new_short_name", - "description": "The new shortname for the organization", - "required": false, + } + } 
+ }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "newUsername": { - "in": "query", - "name": "new_username", - "description": "The new username for the user, preferably the user's email address. Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", - "required": false, + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + }, + "put": { + "tags": [ + "Users" + ], + "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", + "operationId": "userUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "org": { - "in": "query", - "name": "org", - "description": "The shortname of the new owning_cna for the CVE ID", - "required": false, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/active" + }, + { + "$ref": "#/components/parameters/activeUserRolesAdd" + }, + { + "$ref": "#/components/parameters/activeUserRolesRemove" + }, + { + "$ref": "#/components/parameters/nameFirst" + }, + { + "$ref": "#/components/parameters/nameLast" + }, + { + "$ref": "#/components/parameters/nameMiddle" + }, + { + "$ref": "#/components/parameters/nameSuffix" + }, + { + "$ref": "#/components/parameters/newUsername" + }, + { + "$ref": "#/components/parameters/orgShortname" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the updated user information", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/user/update-user-response.json" } - }, - "orgShortname": { - "in": "query", - "name": "org_short_name", - "description": "The new organization for the user", - "required": false, + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/bad-request.json" } - }, - "pageQuery": { - "in": "query", - "name": "page", - "description": "The current page in the paginator", - "required": false, + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { "schema": { - "type": 
"integer", - "format": "int32", - "minimum": 1 + "$ref": "../schemas/errors/generic.json" } - }, - "short_name": { - "in": "query", - "name": "short_name", - "description": "The CNA that will own the reserved CVE IDs", - "required": true, + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } - }, - "shortname": { - "in": "query", - "name": "shortname", - "description": "The new shortname for the organization", - "required": false, + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { "schema": { - "type": "string" + "$ref": "../schemas/errors/generic.json" } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/org/{shortname}/user/{username}/reset_secret": { + "put": { + "tags": [ + "Users" + ], + "summary": "Reset the API key for a user (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", + "operationId": "userResetSecret", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" }, - "state": { - "in": "query", - "name": "state", - "description": "The new state for the CVE ID", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "REJECTED" - ] + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new API key", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/reset-secret-response.json" } + } } - }, - "examples": { - "publishedRecord": { - "value": { - "containers": { - "cna": { - "affected": [ - { - "vendor": "string", - "product": "string", - "versions": [ - { - "version": "string", - "status": "string" - } - ] - } - ], - "descriptions": [ - { - "lang": "string", - "value": "string" - } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "string", - "lang": "string", - "type": "string" - } - ] - } - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:26:39.293Z" - }, - "references": [ - { - "name": "string", - "tags": [ - "string" - ], - "url": "string" - } - ] - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": 
"../schemas/errors/bad-request.json" } - }, - "rejectedRecord": { - "value": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } - }, - "rejectedCreateCVERecord": { - "value": { - "message": "string", - "created": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + 
"schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + } + } + }, + "/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about all registered users (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", + "operationId": "userAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users, along with pagination fields if results span multiple pages of data.", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" } + } + } + } + } + } + }, + "/health-check": { + "get": { + "tags": [ + "Utilities" + ], + "summary": "Checks that the system is running (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", + "operationId": "healthCheck", + "parameters": [], + "responses": { + "200": { + "description": "Returns a 200 response code" + } + } + } + } + }, + "components": { + "parameters": { + "active": { + "in": "query", + "name": "active", + "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, + "schema": { + "type": "boolean" + } + }, + "active_roles_add": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] + } + }, + "active_roles_remove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] + } + }, + "activeUserRolesAdd": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] + } + }, + "activeUserRolesRemove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] + } + }, + "apiEntityHeader": { + "in": "header", + "name": "CVE-API-ORG", + "description": "The shortname for the organization associated with the user requesting authentication", + "required": true, + "schema": { + "type": "string" + } + }, + "apiUserHeader": { + "in": "header", + "name": "CVE-API-USER", + "description": "The username for the account making the request", + "required": true, + "schema": { + "type": "string" + } + }, + "apiSecretHeader": { + "in": "header", + "name": "CVE-API-KEY", + "description": "The user's API key", + "required": true, + "schema": { + "type": "string" + } + }, + "amount": { + "in": 
"query", + "name": "amount", + "description": "Quantity of CVE IDs to reserve", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + } + }, + "assigner": { + "in": "query", + "name": "assigner", + "description": "Filter by assigner org UUID", + "required": false, + "schema": { + "type": "string" + } + }, + "assignerShortName": { + "in": "query", + "name": "assigner_short_name", + "description": "Filter by assignerShortName", + "required": false, + "schema": { + "type": "string" + } + }, + "batch_type": { + "in": "query", + "name": "batch_type", + "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", + "required": false, + "schema": { + "type": "string", + "enum": [ + "sequential", + "non-sequential", + "nonsequential" + ] + } + }, + "countOnly": { + "in": "query", + "name": "count_only", + "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, + "schema": { + "type": "boolean" + } + }, + "nextPage": { + "in": "query", + "name": "next_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", + "required": false, + "schema": { + "type": "string" + } + }, + "previousPage": { + "in": "query", + "name": "previous_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", + "required": false, + "schema": { + "type": "string" + } + }, + "limit": { + "in": "query", + "name": "limit", + "description": "CVE records to return per page. Must be between 1-500. 
", + "required": false, + "schema": { + "type": "integer" + } + }, + "cnaModified": { + "in": "query", + "name": "cna_modified", + "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", + "required": false, + "schema": { + "type": "boolean" + } + }, + "adpShortName": { + "in": "query", + "name": "adp_short_name", + "description": "Only get CVE records that have an adpContainer owned by this org.", + "required": false, + "schema": { + "type": "string" + } + }, + "cveState": { + "in": "query", + "name": "state", + "description": "Filter by state", + "schema": { + "type": "string", + "enum": [ + "PUBLISHED", + "REJECTED" + ] + } + }, + "cve_year": { + "in": "query", + "name": "cve_year", + "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", + "required": true, + "schema": { + "type": "integer", + "format": "int32" + } + }, + "cveIdGetFilteredState": { + "in": "query", + "name": "state", + "description": "Filter by state ", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "PUBLISHED", + "REJECTED" + ] + } + }, + "cveIdGetFilteredCveIdYear": { + "in": "query", + "name": "cve_id_year", + "description": "Filter by the year of the CVE IDs", + "required": false, + "schema": { + "type": "string" + } + }, + "cveIdGetFilteredTimeReservedLt": { + "in": "query", + "name": "time_reserved.lt", + "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeReservedGt": { + "in": "query", + "name": "time_reserved.gt", + "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveIdGetFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveRecordFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "cveRecordFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "id_quota": { + "in": "query", + "name": "id_quota", + "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100000 + } + }, + "name": { + "in": "query", + "name": "name", + "description": "The new name for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "nameFirst": { + "in": "query", + "name": "name.first", + "description": "The new first name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameLast": { + "in": "query", + "name": "name.last", + "description": "The new last name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameMiddle": { + "in": "query", + "name": "name.middle", + "description": "The new middle name for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "nameSuffix": { + "in": "query", + "name": "name.suffix", + "description": "The new suffix for the user entry", + "required": false, + "schema": { + "type": "string" + } + }, + "newShortname": { + "in": "query", + "name": "new_short_name", + "description": "The new shortname for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "newUsername": { + "in": "query", + "name": "new_username", + "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", + "required": false, + "schema": { + "type": "string" + } + }, + "org": { + "in": "query", + "name": "org", + "description": "The shortname of the new owning_cna for the CVE ID", + "required": false, + "schema": { + "type": "string" + } + }, + "orgShortname": { + "in": "query", + "name": "org_short_name", + "description": "The new organization for the user", + "required": false, + "schema": { + "type": "string" + } + }, + "pageQuery": { + "in": "query", + "name": "page", + "description": "The current page in the paginator", + "required": false, + "schema": { + "type": "integer", + "format": "int32", + "minimum": 1 + } + }, + "short_name": { + "in": "query", + "name": "short_name", + "description": "The CNA that will own the reserved CVE IDs", + "required": true, + "schema": { + "type": "string" + } + }, + "shortname": { + "in": "query", + "name": "shortname", + "description": "The new shortname for the organization", + "required": false, + "schema": { + "type": "string" + } + }, + "state": { + "in": "query", + "name": "state", + "description": "The new state for the CVE ID", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "REJECTED" + ] + } + } + }, + "examples": { + "publishedRecord": { + "value": { + "containers": { + "cna": { + "affected": [ + { + "vendor": "string", + "product": "string", + "versions": [ + { + "version": "string", + "status": "string" + } + ] + } + ], + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "string", + "lang": "string", + "type": "string" + } + ] + } + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:26:39.293Z" + }, + "references": [ + { + "name": "string", + "tags": [ + "string" + ], + "url": "string" + } + ] + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": 
"string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } + }, + "rejectedRecord": { + "value": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } + }, + "rejectedCreateCVERecord": { + "value": { + "message": "string", + "created": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" + } } + } } + } } \ No newline at end of file