django-DefectDojo

cvss 4.0

Open saldam72 opened this issue 2 years ago • 3 comments

Hello everybody, when will DD support CVSS 4.0?

Best, Sal

saldam72 avatar Jan 22 '24 07:01 saldam72

@saldam72 Can you define what you mean by "support CVSS 4.0"?

  • Do you mean take that value in when an import of a tools file happens and track it with a finding?
  • Do you mean change out the CVSS 3.x calculator we have in the UI to a CVSS 4.0 calculator?
  • Something else?

It's hard to answer a general question like this without more details.

mtesauro avatar Jan 22 '24 20:01 mtesauro

@mtesauro You are right :-)

  • Do you mean take that value in when an import of a tools file happens and track it with a finding? Yes (also via API)
  • Do you mean change out the CVSS 3.x calculator we have in the UI to a CVSS 4.0 calculator? Yes (also via API)

It should work as the current CVSS 3.x considering the vector prefix:

  • CVSS:3.1/AV:...
  • CVSS:4.0/AV:...

saldam72 avatar Jan 23 '24 07:01 saldam72
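The prefix-based handling suggested above, as an added example that is not part of the thread and not DefectDojo's code: it selects the CVSS version from the vector prefix and checks the mandatory base metrics for that version, so a 4.0 vector is never read with 3.x rules. The function name and sample vectors are constructed for illustration; the metric names and values are those of the FIRST CVSS v3.x and v4.0 specifications, and no score is computed.

```python
import re

# Mandatory base metrics and their allowed values per CVSS version.
V3 = {"AV": "NALP", "AC": "LH", "PR": "NLH", "UI": "NR", "S": "UC",
      "C": "HLN", "I": "HLN", "A": "HLN"}
V4 = {"AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
      "VC": "HLN", "VI": "HLN", "VA": "HLN",
      "SC": "HLN", "SI": "HLN", "SA": "HLN"}
BASE_METRICS = {"3.0": V3, "3.1": V3, "4.0": V4}
PREFIX = re.compile(r"^CVSS:(\d\.\d)/(.+)$")

# Constructed sample vectors (not taken from any real finding).
SAMPLE_V31 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
SAMPLE_V40 = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"


def parse_cvss_vector(vector):
    """Return (version, base_metrics); raise ValueError on a malformed vector.

    Optional (temporal/threat/environmental) metrics are accepted but not
    validated here; only the mandatory base metrics are checked.
    """
    match = PREFIX.match(vector.strip())
    if not match:
        raise ValueError("missing CVSS:<version>/ prefix")
    version, body = match.groups()
    allowed = BASE_METRICS.get(version)
    if allowed is None:
        raise ValueError(f"unsupported CVSS version {version}")
    seen = {}
    for part in body.split("/"):
        name, sep, value = part.partition(":")
        if not (sep and name and value):
            raise ValueError(f"malformed metric {part!r}")
        if name in seen:
            raise ValueError(f"duplicate metric {name}")
        seen[name] = value
    base = {}
    for name, values in allowed.items():
        if name not in seen:
            raise ValueError(f"CVSS {version} vector lacks base metric {name}")
        if seen[name] not in set(values):
            raise ValueError(f"invalid value {seen[name]!r} for {name}")
        base[name] = seen[name]
    return version, base
```

A 4.0 metric string carrying a 3.1 prefix is rejected rather than silently stored, because the 3.x base metric `S` is absent.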

Is there a new status regarding this issue? CVSSv4 is live and we have vulnerabilities which were rated using version 4.

I've seen a PR #9380 but that was closed without merging.

0x4bit avatar Jul 24 '24 07:07 0x4bit

Hi all, so what? Would be fine to have score calculated by prefix as suggested by Salvatore here. Take care, S.

rinaldistefano avatar Mar 10 '25 14:03 rinaldistefano

Hope to support cvssv4 calculator when adding new findings, and also retain cvssv3

Dejavu610 avatar Mar 17 '25 23:03 Dejavu610

Closing this in favour of #12445 that has a more detailed requirement spec.

valentijnscholten avatar May 15 '25 06:05 valentijnscholten