Merge pull request #3535 from CVEProject/int

4/15/25 Release: INT to MAIN

Author: jdaigneau5

index.html

@@ -5,7 +5,6 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width,initial-scale=1.0">
     <link rel="icon" type="image/x-icon" href="/cvePurpleVFavicon.svg">
-    <link rel="canonical" href="https://www.cve.org">
     <script src="https://cmp.osano.com/AzyhULTdPkqmy4aDN/46057d56-0263-4cca-abac-9adddada4f3b/osano.js"></script>
   </head>
   <body class="has-navbar-fixed-top">

src/App.vue

@@ -42,6 +42,19 @@ export default {
         + 'reference method for publicly known information-security '
         + 'vulnerabilities and exposures'
     });
+  },
+  head() {
+    // Remove any trailing and leading slashes on the base URL and
+    // path suffix so we know what we're dealing with and we control
+    // the slash separating the two components.
+
+    const baseURL = window.location.origin.replace(/\/+$/, '');
+    const suffix = this.$route.fullPath.replace(/^\/+/, '');
+
+    return {
+      link: [{rel: 'canonical',
+              content: `${baseURL}/${suffix}`}]
+    }
   }
 }
 </script>

src/assets/data/CNAsList.json

@@ -25889,5 +25889,175 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "CTOne",
+    "cnaID": "CNA-2025-0019",
+    "organizationName": "CTOne Inc.",
+    "scope": "Vulnerabilities in cellular (LTE/4G/5G) devices and protocols that are not in another CNA’s scope.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "tr2@ctone.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://ctone.com//wp-content/uploads/2024/07/CTOne-Vulnerability-Disclosure-Policy.pdf"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://ctone.com/published-product-vulnerabilities/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Vendor",
+        "Researcher",
+        "Bug Bounty Provider"
+      ]
+    },
+    "country": "Taiwan"
+  },
+  {
+    "shortName": "Jaspersoft",
+    "cnaID": "CNA-2025-0020",
+    "organizationName": "Jaspersoft",
+    "scope": "Jaspersoft products and services only.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "secure@cloud.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://community.jaspersoft.com/security/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://community.jaspersoft.com/advisories/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "Spotfire",
+    "cnaID": "CNA-2025-0021",
+    "organizationName": "Spotfire",
+    "scope": "Vulnerabilities associated with the Spotfire product only.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "secure@cloud.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://community.spotfire.com/security/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://community.spotfire.com/security-advisories/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/events.json

@@ -31,7 +31,6 @@
     },
     {
       "id": 33,
-      "displayOnHomepageOrder": 1,
       "title": "CVE/FIRST VulnCon 2025",
       "location": "Raleigh, North Carolina, USA & Virtual",
       "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Agenda</strong>:<br/> Available <a href='https://www.first.org/conference/vulncon2025/program' target='_blank'>here</a>.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; Plenary, Vendor Tables, Welcome Reception<br/>* Day 2: Tuesday, April 8 &mdash; Plenary, Vendor Tables, Off-site Social Event<br/>* Day 3: Wednesday, April 9 &mdash; Plenary, Breakouts, Vendor Tables<br/>* Day 4: Thursday, April 10 &mdash; Plenary, Breakouts, Vendor Tables<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Registration</strong>:<br/>Registration is now closed. Details <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>here</a>.<br/><ul><li>Virtual Admission: US $100.00 (closed)</li><li>In-person Standard Admission (closed): US $300.00</li><li>In-person Late Rate Admission (closed): US $375.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.<br/><br/><strong>Call for Papers</strong>:<br/>Closed on January 31, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",

src/assets/data/metrics.json

@@ -1141,7 +1141,7 @@
         },
         {
           "month": "April",
-          "value": "3"
+          "value": "6"
         },
         {
           "month": "May",

src/assets/data/news.json

@@ -1,7 +1,71 @@
 {
   "currentNews": [
+    {
+      "id": 512,
+      "newsType": "news",
+      "title": "Spotfire Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Spotfire Added as CNA",
+      "date": "2025-04-15",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Spotfire'>Spotfire</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities associated with the Spotfire product only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>453 CNAs</a> (450 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Spotfire is the 244th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Spotfire’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 511,
+      "newsType": "news",
+      "title": "Jaspersoft Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Jaspersoft Added as CNA",
+      "date": "2025-04-15",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Jaspersoft'>Jaspersoft</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Jaspersoft products and services only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>452 CNAs</a> (449 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Jaspersoft is the 243rd CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Jaspersoft’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 510,
+      "newsType": "news",
+      "title": "CTOne Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "CTOne Added as CNA",
+      "date": "2025-04-15",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/CTOne'>CTOne Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in cellular (LTE/4G/5G) devices and protocols that are not in another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>451 CNAs</a> (448 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CTOne is the 13th CNA from Taiwan."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CTOne’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
     {
       "id": 509,
+      "displayOnHomepageOrder": 0,
       "newsType": "blog",
       "title": "Happening This Week: <i>CVE/FIRST VulnCon 2025</i>, April 7–10, 2025",
       "urlKeywords": "Happening This Week VulnCon 2025",
@@ -91,7 +155,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "<a href='/PartnerInformation/ListofPartners/partner/TPLink'>TP-Link Systems Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for TP-Link issues only."
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/TPLink'>TP-Link Systems Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for TP-Link issues only. Read the TP-Link news release: “<a href='https://www.businesswire.com/news/home/20250414578243/en/TP-Link-Systems-Inc.-Receives-CVE-Numbering-Authority-Designation-for-Cybersecurity-Vulnerability-Management' target='_blank'>TP-Link Systems Inc. Receives CVE Numbering Authority Designation for Cybersecurity Vulnerability Management</a>."
         },
         {
           "contentnewsType": "paragraph",

src/views/CVERecord/CVERecord.vue

@@ -132,6 +132,10 @@ export default {
       usecveRecordStore().showHelpText = true;
     }
   },
+  head() {
+    const cveId = this.$route.query.id;
+    return {title: `CVE Record: ${cveId}`}
+  },
   watch: {
     $route(to) {
       if (Object.prototype.hasOwnProperty.call(to.query, 'id')) {