Merge pull request #2430 from CVEProject/content-rjr-2428

#2428 Add 2 new CNAs + Update 1 CNA's news article
CVEProject · Jan 3, 2024 · 421973d · 421973d
2 parents 88b979b + 67b22e8
commit 421973d
Show file tree

Hide file tree

Showing 4 changed files with 217 additions and 2 deletions.
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -19943,5 +19943,126 @@
       ]
     },
     "country": "France"
+  },
+  {
+    "shortName": "ConcreteCMS",
+    "cnaID": "CNA-2024-0001",
+    "organizationName": "Concrete CMS",
+    "scope": "Concrete CMS Core versions 8.5 and above",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.concretecms.org/security"
+      },
+      {
+        "label": "HackerOne Policy",
+        "language": "",
+        "url": "https://hackerone.com/concretecms?type=team"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.concretecms.org/about/project-news/security"
+        },
+        {
+          "label": "Disclosed CVEs",
+          "url": "https://docs.google.com/spreadsheets/d/1lduRBavCZYnKPyPRUhaUNGP2Fza-5SE6MJoAcMSvqSQ/edit#gid=0"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Open Source"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "Pentraze",
+    "cnaID": "CNA-2024-0002",
+    "organizationName": "Pentraze Cybersecurity",
+    "scope": "Vulnerabilities in third-party software discovered by Pentraze Cybersecurity that are not in another CNA’s scope",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://pentraze.com/vulnerability-disclosure-policy/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://pentraze.com/vulnerability-reports/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Researcher"
+      ]
+    },
+    "country": "Dominican Republic"
   }
 ]
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1081,6 +1081,59 @@
     }
   ],
   "cnasAddedByYear": [
+    {
+      "year": "2024",
+      "data": [
+        {
+          "month": "January",
+          "value": "2"
+        },
+        {
+          "month": "February",
+          "value": "TBA"
+        },
+        {
+          "month": "March",
+          "value": "TBA"
+        },
+        {
+          "month": "April",
+          "value": "TBA"
+        },
+        {
+          "month": "May",
+          "value": "TBA"
+        },
+        {
+          "month": "June",
+          "value": "TBA"
+        },
+        {
+          "month": "July",
+          "value": "TBA"
+        },
+        {
+          "month": "August",
+          "value": "TBA"
+        },
+        {
+          "month": "September",
+          "value": "TBA"
+        },
+        {
+          "month": "October",
+          "value": "TBA"
+        },
+        {
+          "month": "November",
+          "value": "TBA"
+        },
+        {
+          "month": "December",
+          "value": "TBA"
+        }
+      ]
+    },
     {
       "year": "2023",
       "data": [

diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,47 @@
 {
   "currentNews": [
+    {
+      "id": 291,
+      "newsType": "news",
+      "title": "Pentraze Cybersecurity Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Pentraze Cybersecurity Added as CNA",
+      "date": "2024-01-03",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Pentraze'>Pentraze Cybersecurity</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in third-party software discovered by Pentraze Cybersecurity that are not in another CNA’s scope. Pentraze Cybersecurity is the first-ever CNA from Dominican Republic."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>347 CNAs</a> (345 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>38 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Pentraze Cybersecurity’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 290,
+      "newsType": "news",
+      "title": "Concrete CMS Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Concrete CMS Added as CNA",
+      "date": "2024-01-03",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/ConcreteCMS'>Concrete CMS</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Concrete CMS Core versions 8.5 and above."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>346 CNAs</a> (344 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>37 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Concrete CMS is the 187th CNA from the USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Concrete CMS’ Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
     {
       "id": 289,
       "newsType": "news",
@@ -30,7 +72,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "<a href='/PartnerInformation/ListofPartners/partner/HiddenLayer'>HiddenLayer, Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all HiddenLayer systems, services, and products, as well as vulnerabilities in third-party software discovered by HiddenLayer that are not in another CNA’s scope."
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/HiddenLayer'>HiddenLayer, Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all HiddenLayer systems, services, and products, as well as vulnerabilities in third-party software discovered by HiddenLayer that are not in another CNA’s scope. Read the HiddenLayer news release: “<a href='https://hiddenlayer.com/company/newsroom/hiddenlayer-partners-with-cve-program-as-a-numbering-authority/' target='_blank'>HiddenLayer Partners with CVE Program as a Numbering Authority to Secure AI</a>.”"
         },
         {
           "contentnewsType": "paragraph",
@@ -44,7 +86,6 @@
     },
     {
       "id": 287,
-      "displayOnHomepageOrder":2,
       "newsType": "news",
       "title": "New CVE Board Member from GitHub Security Lab",
       "urlKeywords": "New CVE Board Member GitHub Security Lab",

diff --git a/src/assets/images/cvePartnersMap.png b/src/assets/images/cvePartnersMap.png