Release Changes

Author: abhinav-nain

CHANGELOG.md

@@ -12,6 +12,78 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 ### Changed
 
+## [v1.15](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.14.2...v1.15) - 2025-02-12
+
+### Added
+
+- Decentralized Application Misconfiguration - Insecure Data Storage - Plaintext Private Key - P1
+- Decentralized Application Misconfiguration - Insecure Data Storage - Sensitive Information Exposure - Varies
+- Decentralized Application Misconfiguration - Improper Authorization - Insufficient Signature Validation - Varies
+- Decentralized Application Misconfiguration - DeFi Security - Flash Loan Attack - Varies
+- Decentralized Application Misconfiguration - DeFi Security - Pricing Oracle Manipulation - Varies
+- Decentralized Application Misconfiguration - DeFi Security - Function-Level Accounting Error - Varies
+- Decentralized Application Misconfiguration - DeFi Security - Improper Implementation of Governance - Varies
+- Decentralized Application Misconfiguration - Marketplace Security - Signer Account Takeover - P1
+- Decentralized Application Misconfiguration - Marketplace Security - Unauthorized Asset Transfer - P1
+- Decentralized Application Misconfiguration - Marketplace Security - Orderbook Manipulation - P1
+- Decentralized Application Misconfiguration - Marketplace Security - Malicious Order Offer - P2
+- Decentralized Application Misconfiguration - Marketplace Security - Price or Fee Manipulation - P2
+- Decentralized Application Misconfiguration - Marketplace Security - OFAC Bypass - P3
+- Decentralized Application Misconfiguration - Marketplace Security - Improper Validation and Checks For Deposits and Withdrawals - Varies
+- Decentralized Application Misconfiguration - Marketplace Security - Miscalculated Accounting Logic - Varies
+- Decentralized Application Misconfiguration - Marketplace Security - Denial of Service - Varies
+- Decentralized Application Misconfiguration - Protocol Security Misconfiguration - Node-level Denial of Service - P1
+- Protocol Specific Misconfiguration - Frontrunning-Enabled Attack - P2
+- Protocol Specific Misconfiguration - Sandwich-Enabled Attack - P2
+- Protocol Specific Misconfiguration - Misconfigured Staking Logic - Varies
+- Protocol Specific Misconfiguration - Improper Validation and Finalization Logic - Varies
+- Smart Contract Misconfiguration - Reentrancy Attack - P1
+- Smart Contract Misconfiguration - Smart Contract Owner Takeover - P1
+- Smart Contract Misconfiguration - Uninitialized Variables - P1
+- Smart Contract Misconfiguration - Unauthorized Transfer of Funds - P1
+- Smart Contract Misconfiguration - Integer Overflow / Underflow - P2
+- Smart Contract Misconfiguration - Unauthorized Smart Contract Approval - P2
+- Smart Contract Misconfiguration - Irreversible Function Call - P3
+- Smart Contract Misconfiguration - Function-level Denial of Service - P3
+- Smart Contract Misconfiguration - Malicious Superuser Risk - P3
+- Smart Contract Misconfiguration - Improper Fee Implementation - P3
+- Smart Contract Misconfiguration - Improper Use of Modifier - P4
+- Smart Contract Misconfiguration - Improper Decimals Implementation - P4
+- Smart Contract Misconfiguration - Inaccurate Rounding Calculation - Varies
+- Smart Contract Misconfiguration - Bypass of Function Modifiers & Checks - Varies
+- Zero Knowledge Security Misconfiguration - Missing Constraint - Varies
+- Zero Knowledge Security Misconfiguration - Mismatching Bit Lengths - Varies
+- Zero Knowledge Security Misconfiguration - Misconfigured Trusted Setup - Varies
+- Zero Knowledge Security Misconfiguration - Missing Range Check - Varies
+- Zero Knowledge Security Misconfiguration - Improper Proof Validation and Finalization Logic - P1
+- Zero Knowledge Security Misconfiguration - Deanonymization of Data - P1
+- Blockchain Infrastructure Misconfiguration - Improper Bridge Validation and Verification Logic - Varies
+- Broken Authentication and Session Management - SAML Replay - P5
+
+### Changed
+
+FROM:
+
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/Iterable Object Identifiers - P1
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Edit/Delete Sensitive Information/Iterable Object Identifiers - P2
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read Sensitive Information/Iterable Object Identifiers - P3
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Sensitive Information/Complex Object Identifiers(GUID) - P4
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Read/Edit/Delete Non-Sensitive Information - P5
+
+TO:
+
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify/View Sensitive Information(Iterable Object Identifiers) - P1
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify Sensitive Information(Iterable Object Identifiers) - P2
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - View Sensitive Information(Iterable Object Identifiers) - P3
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - Modify/View Sensitive Information(Complex Object Identifiers GUID/UUID) - P4
+- Broken Access Control (BAC) - Insecure Direct Object References (IDOR) - View Non-Sensitive Information - P5
+
+### Other
+
+- CVSS Score correction for Server Security Misconfiguration - Mail Server Misconfiguration - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain - P4.
+- All JSONs, i.e., VRT and its mapping JSONs are now alphabetically sorted.
+- Internal library changes to add a new helper script that aids in sorting the JSONs.
+
 ## [v1.14.2](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.14.1...v1.14.2) - 2024-10-25
 
 ### Removed

vulnerability-rating-taxonomy.json

@@ -1,6 +1,6 @@
 {
   "metadata": {
-    "release_date": "2024-10-25T00:00:00+00:00"
+    "release_date": "2025-02-12T00:00:00+00:00"
   },
   "content": [
     {