
cjbprime | 11 months ago

That's a CVSS issue. Heartbleed only affected Confidentiality, and CVSS rates scores on a triad of Confidentiality, Integrity, and Availability. RCE affects all three.


tptacek|11 months ago

Heartbleed was a much more significant issue than this ingress-nginx thing.

cjbprime|11 months ago

I agree with you, which is why I'm redirecting the blame to the CVSS standard, which does not agree with you.

mort96|11 months ago

That's exactly what I'm complaining about, yes. Nothing burgers get 9.8, while earth-shattering vulnerabilities get 7.5 using the scoring system that the security community uses to describe "severity".