diff --git a/api-docs/openapi.json b/api-docs/openapi.json index b052bbe8a..7b339c7a5 100644 --- a/api-docs/openapi.json +++ b/api-docs/openapi.json @@ -1,3480 +1,3480 @@ { - "openapi": "3.0.2", - "info": { - "version": "2.3.0", - "title": "CVE Services API", - "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", - "contact": { - "name": "CVE Services Overview", - "url": "https://cveproject.github.io/automation-cve-services#services-overview" - } - }, - "servers": [ - { - "url": "https://cveawg-dev.mitre.org/api" - } - ], - "paths": { - "/cve-id": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", - "operationId": "cveIdGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveIdGetFilteredState" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/list-cve-ids-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter 
(accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", - "operationId": "cveIdReserve", - "parameters": [ - { - "$ref": "#/components/parameters/amount" - }, - { - "$ref": "#/components/parameters/batch_type" - }, - { - "$ref": "#/components/parameters/cve_year" - }, - { - "$ref": "#/components/parameters/short_name" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "A list of the newly reserved CVE IDs", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-response.json" - } - } - } - }, - "206": { - "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } + "openapi": "3.0.2", + "info": { + "version": "2.3.1", + "title": "CVE Services API", + "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are required for most service endpoints. 
Representatives of CVE Numbering Authorities (CNAs) should use one of the methods below to obtain credentials:

CVE data is to be in the JSON 5.1 CVE Record format. Details of the JSON 5.1 schema are located here.

Contact the CVE Services team", + "contact": { + "name": "CVE Services Overview", + "url": "https://cveproject.github.io/automation-cve-services#services-overview" } - } }, - "/cve-id/{id}": { - "get": { - "tags": [ - "CVE ID" - ], - "summary": "Retrieves information about the specified CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", - "operationId": "cveIdGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID information to retrieve" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The requested CVE ID information is returned", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/get-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
- }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - }, - "put": { - "tags": [ - "CVE ID" - ], - "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", - "operationId": "cveIdUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The id of the CVE ID to update" - }, - { - "$ref": "#/components/parameters/org" - }, - { - "$ref": "#/components/parameters/state" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE ID information is returned", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve-id/update-cve-id-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve-id-range/{year}": { - "post": { - "tags": [ - "CVE ID" - ], - "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", - "operationId": "cveIdRangeCreate", - "parameters": [ - { - "name": "year", - "in": "path", - "required": true, - "schema": { - "type": "integer" - }, - "description": "The year of the CVE-ID-Range" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE-ID-Range was created" - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve/{id}": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Returns a CVE Record by CVE ID (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", - "operationId": "cveGetSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the Record to be retrieved" - } - ], - "responses": { - "200": { - "description": "The requested CVE Record", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "servers": [ + { + "url": "https://cveawg-dev.mitre.org/api" + } + ], + "paths": { + "/cve-id": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about CVE IDs after applying the query parameters as filters (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves filtered CVE IDs owned by the user's organization

Secretariat: Retrieves filtered CVE IDs owned by any organization

", + "operationId": "cveIdGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveIdGetFilteredState" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredCveIdYear" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeReservedGt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveIdGetFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, { - "$ref": "../schemas/cve/get-cve-record-response.json" + "$ref": "#/components/parameters/apiEntityHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A filtered list of information about CVE IDs owned by the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/list-cve-ids-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } } - ] - }, - "examples": { - 
"Published Record": { - "$ref": "#/components/examples/publishedRecord" - }, - "Rejected Record": { - "$ref": "#/components/examples/rejectedRecord" - } - } - } - } - }, - "400": { - "description": "Bad Request", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" } - } - } - }, - "403": { - "description": "Forbidden", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. 
Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "429": { - "description": "Too Many Requests", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
- } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Reserves CVE IDs for the organization provided in the short_name query parameter (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Reserves CVE IDs for the CNA

Secretariat: Reserves CVE IDs for any organization

", + "operationId": "cveIdReserve", + "parameters": [ + { + "$ref": "#/components/parameters/amount" + }, + { + "$ref": "#/components/parameters/batch_type" + }, + { + "$ref": "#/components/parameters/cve_year" + }, + { + "$ref": "#/components/parameters/short_name" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "A list of the newly reserved CVE IDs", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-response.json" + } + } + } + }, + "206": { + "description": "A partial list of the CVE IDs the IDR service managed to reserve before encountering a case where no more CVE IDs could be reserved", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/create-cve-ids-partial-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "headers": { - "RateLimit-Limit": { - "schema": { - "type": "integer" - }, - "description": "Indicates the service limit associated with the client in the current 
time window. If the client exceeds that limit, it MAY not be served." - }, - "RateLimit-Policy": { - "schema": { - "type": "string" - }, - "description": "Indicates a service policy currently associated with the client. Its value is informative." - }, - "RateLimit-Remaining": { - "schema": { - "type": "integer" - }, - "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." - }, - "RateLimit-Reset": { - "schema": { - "type": "integer" - }, - "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." - } - }, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve-id/{id}": { + "get": { + "tags": [ + "CVE ID" + ], + "summary": "Retrieves information about the specified CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Regular, CNA & Admin Users: Retrieves full information about a CVE ID owned by their organization; partial information about a CVE ID owned by other organizations

Unauthenticated Users: Retrieves partial information about a CVE ID

Secretariat: Retrieves full information about a CVE ID owned by any organization

Note - The owning organization of RESERVED CVE IDs is redacted for all users other than those in the owning organization or Secretariat

", + "operationId": "cveIdGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID information to retrieve" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The requested CVE ID information is returned", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/get-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. 
When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." 
+ }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - } - }, - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", - "operationId": "cveSubmit", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being submitted" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE ID" + ], + "summary": "Updates information related to the specified CVE ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates information related to a CVE ID owned by the CNA

Secretariat: Updates a CVE ID owned by any organization

", + "operationId": "cveIdUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the CVE ID to update" + }, + { + "$ref": "#/components/parameters/org" + }, + { + "$ref": "#/components/parameters/state" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE ID information is returned", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve-id/update-cve-id-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", - "operationId": "cveUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve-id-range/{year}": { + "post": { + "tags": [ + "CVE ID" + ], + "summary": "Creates a CVE-ID-Range for the specified year (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE-ID-Range for the specified year

", + "operationId": "cveIdRangeCreate", + "parameters": [ + { + "name": "year", + "in": "path", + "required": true, + "schema": { + "type": "integer" + }, + "description": "The year of the CVE-ID-Range" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE-ID-Range was created" + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Returns a CVE Record by CVE ID (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

All users: Retrieves the CVE Record specified

", + "operationId": "cveGetSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the Record to be retrieved" + } + ], + "responses": { + "200": { + "description": "The requested CVE Record", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/get-cve-record-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + }, + "examples": { + "Published Record": { + "$ref": "#/components/examples/publishedRecord" + }, + "Rejected Record": { + "$ref": "#/components/examples/rejectedRecord" + } + } + } + } + }, + "400": { + "description": "Bad Request", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "429": { + "description": "Too Many Requests", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." 
+ }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." + } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "headers": { + "RateLimit-Limit": { + "schema": { + "type": "integer" + }, + "description": "Indicates the service limit associated with the client in the current time window. If the client exceeds that limit, it MAY not be served." + }, + "RateLimit-Policy": { + "schema": { + "type": "string" + }, + "description": "Indicates a service policy currently associated with the client. Its value is informative." + }, + "RateLimit-Remaining": { + "schema": { + "type": "integer" + }, + "description": "Indicates the remaining quota units associated with the expiring-limit. Clients MUST NOT assume that a positive remaining value is a guarantee that further requests will be served. When the value of the remaining keyword is low, it indicates that the server may soon throttle the client." + }, + "RateLimit-Reset": { + "schema": { + "type": "integer" + }, + "description": "Indicates the number of seconds until the available quota units associated with the expiring-limit resets." 
+ } + }, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" - } - } - } - } - } - }, - "/cve": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFiltered", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + }, + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates a CVE Record for any organization

", + "operationId": "cveSubmit", + "parameters": [ { - "$ref": "../schemas/cve/list-cve-records-response.json" + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being submitted" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - } - } - } - }, - "/cve_cursor": { - "get": { - "tags": [ - "CVE Record" - ], - "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", - "operationId": "cveGetFilteredCursor", - "parameters": [ - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" - }, - { - "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" - }, - { - "$ref": "#/components/parameters/cveState" - }, - { - "$ref": "#/components/parameters/countOnly" - }, - { - "$ref": "#/components/parameters/assignerShortName" - }, - { - "$ref": "#/components/parameters/assigner" - }, - { - "$ref": "#/components/parameters/cnaModified" - }, - { - "$ref": "#/components/parameters/adpShortName" - }, - { - "$ref": "#/components/parameters/nextPage" - }, - { - "$ref": "#/components/parameters/previousPage" - }, - { - "$ref": "#/components/parameters/limit" - } - ], - "responses": { - "200": { - "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "oneOf": [ + "$ref": "#/components/parameters/apiEntityHeader" + }, { - "$ref": "../schemas/cve/cursor-cve-records-response.json" + "$ref": "#/components/parameters/apiUserHeader" }, { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + 
"schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } } - ] - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Unauthorized" - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" } - } - } - } - } - } - }, - "/cve/{id}/cna": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", - "operationId": "cveCnaCreateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for the record being created" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The CVE Record created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates a CVE Record from full CVE Record JSON for the specified ID (accessible to Secretariat.)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates a CVE Record for any organization

", + "operationId": "cveUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-secretariat-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveCnaUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFiltered", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/list-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-cna-request.json" - } - } - } - } - } - }, - "/cve/{id}/reject": { - "post": { - "tags": [ - "CVE Record" - ], - "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaCreateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve_cursor": { + "get": { + "tags": [ + "CVE Record" + ], + "summary": "Retrieves all CVE Records after applying the query parameters as filters. Uses cursor pagination to paginate results (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves all CVE records for all organizations

", + "operationId": "cveGetFilteredCursor", + "parameters": [ + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedLt" + }, + { + "$ref": "#/components/parameters/cveRecordFilteredTimeModifiedGt" + }, + { + "$ref": "#/components/parameters/cveState" + }, + { + "$ref": "#/components/parameters/countOnly" + }, + { + "$ref": "#/components/parameters/assignerShortName" + }, + { + "$ref": "#/components/parameters/assigner" + }, + { + "$ref": "#/components/parameters/cnaModified" + }, + { + "$ref": "#/components/parameters/adpShortName" + }, + { + "$ref": "#/components/parameters/nextPage" + }, + { + "$ref": "#/components/parameters/previousPage" + }, + { + "$ref": "#/components/parameters/limit" + } + ], + "responses": { + "200": { + "description": "A filtered list of CVE Records, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "oneOf": [ + { + "$ref": "../schemas/cve/cursor-cve-records-response.json" + }, + { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + ] + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/create-cve-record-rejection-request.json" - } - } - } - } - }, - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", - "operationId": "cveCnaUpdateReject", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The CVE ID for the record being rejected" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The rejected CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/cve/{id}/cna": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates CVE Record for a CVE ID owned by their organization

Secretariat: Creates CVE Record for CVE IDs owned by any organization

", + "operationId": "cveCnaCreateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being created" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The CVE Record created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } - } - } - }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/cve/update-cve-record-rejection-request.json" - } - } - } - } - } - }, - "/cve/{id}/adp": { - "put": { - "tags": [ - "CVE Record" - ], - "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", - "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", - "operationId": "cveAdpUpdateSingle", - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The CVE ID for which the record is being updated" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "The updated CVE Record", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/update-full-cve-record-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/errors/generic.json" + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from CNA Container JSON for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a CVE Record for records that are owned by their organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveCnaUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-cna-request.json" + } + } + } } - } } - } }, - "requestBody": { - "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "/schemas/cve/create-adp-record-adp-request.json" - } - } - } - } - } - }, - "/org": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves all organizations (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", - "operationId": "orgAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/list-orgs-response.json" + "/cve/{id}/reject": { + "post": { + "tags": [ + "CVE Record" + ], + "summary": "Creates a rejected CVE Record for the specified ID if no record yet exists (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Creates a rejected CVE Record for a record owned by their organization

Secretariat: Creates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaCreateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/create-cve-record-rejection-request.json" + } + } + } } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates an existing CVE Record with a rejected record for the specified ID (accessible to CNAs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the CNA or Secretariat role

Expected Behavior

CNA: Updates a rejected CVE Record for a record owned by their organization

Secretariat: Updates a rejected CVE Record for a record owned by any organization

", + "operationId": "cveCnaUpdateReject", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for the record being rejected" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The rejected CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. 
If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/cve/update-cve-record-rejection-request.json" + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/cve/{id}/adp": { + "put": { + "tags": [ + "CVE Record" + ], + "summary": "Updates the CVE Record from ADP Container JSON for the specified ID (accessible to ADPs and Secretariat)", + "description": "

Access Control

User must belong to an organization with the ADP or Secretariat role

Expected Behavior

ADP: Updates a CVE Record for records that are owned by any organization

Secretariat: Updates a CVE Record for records that are owned by any organization

", + "operationId": "cveAdpUpdateSingle", + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The CVE ID for which the record is being updated" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "The updated CVE Record", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/update-full-cve-record-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "description": "Note: providerMetadata is set by the server. If provided, it will be overwritten.", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "/schemas/cve/create-adp-record-adp-request.json" + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves all organizations (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all organizations

", + "operationId": "orgAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about all organizations, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/list-orgs-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "post": { + "tags": [ + "Organization" + ], + "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", + "operationId": "orgCreateSingle", + "parameters": [ + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization created", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/create-org-request.json" + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{identifier}": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", + "operationId": "orgSingle", + "parameters": [ + { + "name": "identifier", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname or UUID of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the organization information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } - } - }, - "post": { - "tags": [ - "Organization" - ], - "summary": "Creates an organization as specified in the request body (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Creates an organization

", - "operationId": "orgCreateSingle", - "parameters": [ - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization created", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-response.json" + }, + "/org/{shortname}": { + "put": { + "tags": [ + "Organization" + ], + "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", + "operationId": "orgUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/id_quota" + }, + { + "$ref": "#/components/parameters/name" + }, + { + "$ref": "#/components/parameters/newShortname" + }, + { + "$ref": "#/components/parameters/active_roles_add" + }, + { + "$ref": "#/components/parameters/active_roles_remove" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the organization updated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/update-org-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "/org/{shortname}/id_quota": { + "get": { + "tags": [ + "Organization" + ], + "summary": "Retrieves an organization's CVE ID quota 
(accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", + "operationId": "orgIdQuota", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the CVE ID quota for an organization", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/org/get-org-quota-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", + "operationId": "userOrgAll", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user": { + "post": { + "tags": [ + "Users" + ], + "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", + "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", + "operationId": "userCreateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new user information (with the secret)", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } + }, + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/create-user-request.json" + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/org/{shortname}/user/{username}": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", + "operationId": "userSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns information about the specified user", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/get-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "put": { + "tags": [ + "Users" + ], + "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", + "operationId": "userUpdateSingle", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/active" + }, + { + "$ref": "#/components/parameters/activeUserRolesAdd" + }, + { + "$ref": "#/components/parameters/activeUserRolesRemove" + }, + { + "$ref": "#/components/parameters/nameFirst" + }, + { + "$ref": "#/components/parameters/nameLast" + }, + { + "$ref": "#/components/parameters/nameMiddle" + }, + { + "$ref": "#/components/parameters/nameSuffix" + }, + { + "$ref": "#/components/parameters/newUsername" + }, + { + "$ref": "#/components/parameters/orgShortname" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the updated user information", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/update-user-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": 
{ + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - } }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/create-org-request.json" - } - } - } - } - } - }, - "/org/{identifier}": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves information about the organization specified by short name or UUID (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves organization record for the specified shortname or UUID if it is the user's organization

Secretariat: Retrieves information about any organization

", - "operationId": "orgSingle", - "parameters": [ - { - "name": "identifier", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname or UUID of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the organization information", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-response.json" - } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + "/org/{shortname}/user/{username}/reset_secret": { + "put": { + "tags": [ + "Users" + ], + "summary": "Reset the API key for a user (accessible to all registered users)", + "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", + "operationId": "userResetSecret", + "parameters": [ + { + "name": "shortname", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The shortname of the organization" + }, + { + "name": "username", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The username of the user" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns the new API key", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/reset-secret-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/users": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieves information about all registered users (accessible to Secretariat)", + "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", + "operationId": "userAll", + "parameters": [ + { + "$ref": "#/components/parameters/pageQuery" + }, + { + "$ref": "#/components/parameters/apiEntityHeader" + }, + { + "$ref": "#/components/parameters/apiUserHeader" + }, + { + "$ref": "#/components/parameters/apiSecretHeader" + } + ], + "responses": { + "200": { + "description": "Returns all users, along with pagination fields if results span multiple pages of data.", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/user/list-users-response.json" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/bad-request.json" + } + } + } + }, + "401": { + "description": "Not Authenticated", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "404": { + "description": "Not Found", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "../schemas/errors/generic.json" + } + } + } + } } - } } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "/health-check": { + "get": { + "tags": [ + "Utilities" + ], + "summary": "Checks that the system is running (accessible to all users)", + "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", + "operationId": "healthCheck", + "parameters": [], + "responses": { + "200": { + "description": "Returns a 200 response code" + } } - } } - } } - } }, - "/org/{shortname}": { - "put": { - "tags": [ - "Organization" - ], - "summary": "Updates information about the organization specified by short name (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Updates any organization's information

", - "operationId": "orgUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/id_quota" - }, - { - "$ref": "#/components/parameters/name" - }, - { - "$ref": "#/components/parameters/newShortname" - }, - { - "$ref": "#/components/parameters/active_roles_add" - }, - { - "$ref": "#/components/parameters/active_roles_remove" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the organization updated", - "content": { - "application/json": { + "components": { + "parameters": { + "active": { + "in": "query", + "name": "active", + "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/org/update-org-response.json" + "type": "boolean" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" - } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" - } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "active_roles_add": { + 
"in": "query", + "name": "active_roles.add", + "description": "Add an active role to the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - } - } - } - }, - "/org/{shortname}/id_quota": { - "get": { - "tags": [ - "Organization" - ], - "summary": "Retrieves an organization's CVE ID quota (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves the CVE ID quota for the user's organization

Secretariat: Retrieves the CVE ID quota for any organization

", - "operationId": "orgIdQuota", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the CVE ID quota for an organization", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/org/get-org-quota-response.json" + "active_roles_remove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the organization", + "required": false, + "schema": { + "type": "string", + "enum": [ + "CNA", + "SECRETARIAT" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/bad-request.json" + }, + "activeUserRolesAdd": { + "in": "query", + "name": "active_roles.add", + "description": "Add an active role to the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "activeUserRolesRemove": { + "in": "query", + "name": "active_roles.remove", + "description": "Remove an active role from the user", + "required": false, + "schema": { + "type": "string", + "enum": [ + "ADMIN" + ] } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "apiEntityHeader": { + "in": "header", + "name": "CVE-API-ORG", + "description": "The shortname for the organization associated with the user requesting authentication", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not 
Found", - "content": { - "application/json": { + }, + "apiUserHeader": { + "in": "header", + "name": "CVE-API-USER", + "description": "The username for the account making the request", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "apiSecretHeader": { + "in": "header", + "name": "CVE-API-KEY", + "description": "The user's API key", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves all users for the organization with the specified short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about users in the same organization

Secretariat: Retrieves all user information for any organization

", - "operationId": "userOrgAll", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users for the organization, along with pagination fields if results span multiple pages of data", - "content": { - "application/json": { + "amount": { + "in": "query", + "name": "amount", + "description": "Quantity of CVE IDs to reserve", + "required": true, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "assigner": { + "in": "query", + "name": "assigner", + "description": "Filter by assigner org UUID", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "assignerShortName": { + "in": "query", + "name": "assigner_short_name", + "description": "Filter by assignerShortName", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "batch_type": { + "in": "query", + "name": "batch_type", + "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", + "required": false, + "schema": { + "type": "string", + "enum": [ + "sequential", + "non-sequential", + "nonsequential" + ] } - } - } - }, 
- "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "countOnly": { + "in": "query", + "name": "count_only", + "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nextPage": { + "in": "query", + "name": "next_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user": { - "post": { - "tags": [ - "Users" - ], - "summary": "Create a user with the provided short name as the owning organization (accessible to Admins and Secretariats)", - "description": "

Access Control

User must belong to an organization with the Secretariat role or be an Admin of the organization

Expected Behavior

Admin User: Creates a user for the Admin's organization

Secretariat: Creates a user for any organization

", - "operationId": "userCreateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new user information (with the secret)", - "content": { - "application/json": { + "previousPage": { + "in": "query", + "name": "previous_page", + "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", + "required": false, "schema": { - "$ref": "../schemas/user/create-user-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "limit": { + "in": "query", + "name": "limit", + "description": "CVE records to return per page. Must be between 1-500. ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "integer" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cnaModified": { + "in": "query", + "name": "cna_modified", + "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. 
Requires at least one time_modified parameter set", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "boolean" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "adpShortName": { + "in": "query", + "name": "adp_short_name", + "description": "Only get CVE records that have an adpContainer owned by this org.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "cveState": { + "in": "query", + "name": "state", + "description": "Filter by state", + "schema": { + "type": "string", + "enum": [ + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cve_year": { + "in": "query", + "name": "cve_year", + "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", + "required": true, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32" } - } - } - } - }, - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/create-user-request.json" - } - } - } - } - } - }, - "/org/{shortname}/user/{username}": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about a user for the specified username and organization short name (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular, CNA & Admin Users: Retrieves information about a user in the same organization

Secretariat: Retrieves any user's information

", - "operationId": "userSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns information about the specified user", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/user/get-user-response.json" + "cveIdGetFilteredState": { + "in": "query", + "name": "state", + "description": "Filter by state ", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "PUBLISHED", + "REJECTED" + ] } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveIdGetFilteredCveIdYear": { + "in": "query", + "name": "cve_id_year", + "description": "Filter by the year of the CVE IDs", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedLt": { + "in": "query", + "name": "time_reserved.lt", + "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeReservedGt": { + "in": "query", + "name": "time_reserved.gt", + "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "cveIdGetFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string", + "format": "date-time" } - } - } - } - } - }, - "put": { - "tags": [ - "Users" - ], - "summary": "Updates information about a user for the specified username and organization shortname (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Updates the user's own information. Only name fields may be changed.

Admin User: Updates information about a user in the Admin's organization. Allowed to change all fields except org_short_name.

Secretariat: Updates information about a user in any organization. Allowed to change all fields.

", - "operationId": "userUpdateSingle", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/active" - }, - { - "$ref": "#/components/parameters/activeUserRolesAdd" - }, - { - "$ref": "#/components/parameters/activeUserRolesRemove" - }, - { - "$ref": "#/components/parameters/nameFirst" - }, - { - "$ref": "#/components/parameters/nameLast" - }, - { - "$ref": "#/components/parameters/nameMiddle" - }, - { - "$ref": "#/components/parameters/nameSuffix" - }, - { - "$ref": "#/components/parameters/newUsername" - }, - { - "$ref": "#/components/parameters/orgShortname" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the updated user information", - "content": { - "application/json": { + "cveRecordFilteredTimeModifiedLt": { + "in": "query", + "name": "time_modified.lt", + "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/user/update-user-response.json" + "type": "string", + "format": "date-time" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "cveRecordFilteredTimeModifiedGt": { + "in": "query", + "name": "time_modified.gt", + "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string", + "format": "date-time" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "id_quota": { + "in": "query", + "name": "id_quota", + "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100000 } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "name": { + "in": "query", + "name": "name", + "description": "The new name for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "nameFirst": { + "in": "query", + "name": "name.first", + "description": "The new first name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "nameLast": { + "in": "query", + "name": "name.last", + "description": "The new last name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/org/{shortname}/user/{username}/reset_secret": { - "put": { - "tags": [ - "Users" - ], - "summary": "Reset the API key for a user (accessible to all registered users)", - "description": "

Access Control

All registered users can access this endpoint

Expected Behavior

Regular User: Resets user's own API secret

Admin User: Resets any user's API secret in the Admin's organization

Secretariat: Resets any user's API secret

", - "operationId": "userResetSecret", - "parameters": [ - { - "name": "shortname", - "in": "path", - "required": true, - "schema": { - "type": "string" - }, - "description": "The shortname of the organization" - }, - { - "name": "username", - "in": "path", - "required": true, - "schema": { - "type": "string" }, - "description": "The username of the user" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns the new API key", - "content": { - "application/json": { + "nameMiddle": { + "in": "query", + "name": "name.middle", + "description": "The new middle name for the user entry", + "required": false, "schema": { - "$ref": "../schemas/user/reset-secret-response.json" + "type": "string" } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "nameSuffix": { + "in": "query", + "name": "name.suffix", + "description": "The new suffix for the user entry", + "required": false, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "newShortname": { + "in": "query", + "name": "new_short_name", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { + }, + "newUsername": { + "in": "query", + "name": "new_username", + "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { + }, + "org": { + "in": "query", + "name": "org", + "description": "The shortname of the new owning_cna for the CVE ID", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { + }, + "orgShortname": { + "in": "query", + "name": "org_short_name", + "description": "The new organization for the user", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - } - } - } - }, - "/users": { - "get": { - "tags": [ - "Users" - ], - "summary": "Retrieves information about all registered users (accessible to Secretariat)", - "description": "

Access Control

User must belong to an organization with the Secretariat role

Expected Behavior

Secretariat: Retrieves information about all users for all organizations

", - "operationId": "userAll", - "parameters": [ - { - "$ref": "#/components/parameters/pageQuery" - }, - { - "$ref": "#/components/parameters/apiEntityHeader" - }, - { - "$ref": "#/components/parameters/apiUserHeader" - }, - { - "$ref": "#/components/parameters/apiSecretHeader" - } - ], - "responses": { - "200": { - "description": "Returns all users, along with pagination fields if results span multiple pages of data.", - "content": { - "application/json": { + }, + "pageQuery": { + "in": "query", + "name": "page", + "description": "The current page in the paginator", + "required": false, "schema": { - "$ref": "../schemas/user/list-users-response.json" + "type": "integer", + "format": "int32", + "minimum": 1 } - } - } - }, - "400": { - "description": "Bad Request", - "content": { - "application/json": { + }, + "short_name": { + "in": "query", + "name": "short_name", + "description": "The CNA that will own the reserved CVE IDs", + "required": true, "schema": { - "$ref": "../schemas/errors/bad-request.json" + "type": "string" } - } - } - }, - "401": { - "description": "Not Authenticated", - "content": { - "application/json": { + }, + "shortname": { + "in": "query", + "name": "shortname", + "description": "The new shortname for the organization", + "required": false, "schema": { - "$ref": "../schemas/errors/generic.json" + "type": "string" } - } - } - }, - "403": { - "description": "Forbidden", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "state": { + "in": "query", + "name": "state", + "description": "The new state for the CVE ID", + "required": false, + "schema": { + "type": "string", + "enum": [ + "RESERVED", + "REJECTED" + ] } - } } - }, - "404": { - "description": "Not Found", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "examples": { + "publishedRecord": { + "value": { + "containers": { + "cna": { + "affected": [ + { + "vendor": "string", + 
"product": "string", + "versions": [ + { + "version": "string", + "status": "string" + } + ] + } + ], + "descriptions": [ + { + "lang": "string", + "value": "string" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "description": "string", + "lang": "string", + "type": "string" + } + ] + } + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:26:39.293Z" + }, + "references": [ + { + "name": "string", + "tags": [ + "string" + ], + "url": "string" + } + ] + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - }, - "500": { - "description": "Internal Server Error", - "content": { - "application/json": { - "schema": { - "$ref": "../schemas/errors/generic.json" + }, + "rejectedRecord": { + "value": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - } - } - } - } - } - }, - "/health-check": { - "get": { - "tags": [ - "Utilities" - ], - "summary": "Checks that the system is running (accessible to all users)", - "description": "

Access Control

Endpoint is accessible to all

Expected Behavior

Returns a 200 response code when CVE Services are running

", - "operationId": "healthCheck", - "parameters": [], - "responses": { - "200": { - "description": "Returns a 200 response code" - } - } - } - } - }, - "components": { - "parameters": { - "active": { - "in": "query", - "name": "active", - "description": "The new active state for the user entry. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "active_roles_add": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "active_roles_remove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the organization", - "required": false, - "schema": { - "type": "string", - "enum": [ - "CNA", - "SECRETARIAT" - ] - } - }, - "activeUserRolesAdd": { - "in": "query", - "name": "active_roles.add", - "description": "Add an active role to the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "activeUserRolesRemove": { - "in": "query", - "name": "active_roles.remove", - "description": "Remove an active role from the user", - "required": false, - "schema": { - "type": "string", - "enum": [ - "ADMIN" - ] - } - }, - "apiEntityHeader": { - "in": "header", - "name": "CVE-API-ORG", - "description": "The shortname for the organization associated with the user requesting authentication", - "required": true, - "schema": { - "type": "string" - } - }, - "apiUserHeader": { - "in": "header", - "name": "CVE-API-USER", - "description": "The username for the account making the request", - "required": true, - "schema": { - "type": "string" - } - }, - "apiSecretHeader": { - "in": "header", - "name": "CVE-API-KEY", - "description": "The user's API key", - "required": true, - "schema": { - "type": "string" - } - }, - "amount": { - "in": 
"query", - "name": "amount", - "description": "Quantity of CVE IDs to reserve", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "assigner": { - "in": "query", - "name": "assigner", - "description": "Filter by assigner org UUID", - "required": false, - "schema": { - "type": "string" - } - }, - "assignerShortName": { - "in": "query", - "name": "assigner_short_name", - "description": "Filter by assignerShortName", - "required": false, - "schema": { - "type": "string" - } - }, - "batch_type": { - "in": "query", - "name": "batch_type", - "description": "Required when amount is greater than one, determines whether the reserved CVE IDs should be sequential or non-sequential", - "required": false, - "schema": { - "type": "string", - "enum": [ - "sequential", - "non-sequential", - "nonsequential" - ] - } - }, - "countOnly": { - "in": "query", - "name": "count_only", - "description": "Get count of records that match query. Accepted values are 1, true, or yes to indicate true, and 0, false, or no to indicate false", - "required": false, - "schema": { - "type": "boolean" - } - }, - "nextPage": { - "in": "query", - "name": "next_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the next page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "previousPage": { - "in": "query", - "name": "previous_page", - "description": "Key returned by a GET /cve_cursor call that must be used to get the previous page of results in a subsequent call", - "required": false, - "schema": { - "type": "string" - } - }, - "limit": { - "in": "query", - "name": "limit", - "description": "CVE records to return per page. Must be between 1-500. 
", - "required": false, - "schema": { - "type": "integer" - } - }, - "cnaModified": { - "in": "query", - "name": "cna_modified", - "description": "Only get CVE records with cnaContainers that have been modified/created within the set time_modified range. Requires at least one time_modified parameter set", - "required": false, - "schema": { - "type": "boolean" - } - }, - "adpShortName": { - "in": "query", - "name": "adp_short_name", - "description": "Only get CVE records that have an adpContainer owned by this org.", - "required": false, - "schema": { - "type": "string" - } - }, - "cveState": { - "in": "query", - "name": "state", - "description": "Filter by state", - "schema": { - "type": "string", - "enum": [ - "PUBLISHED", - "REJECTED" - ] - } - }, - "cve_year": { - "in": "query", - "name": "cve_year", - "description": "The year the CVE IDs will be reserved for (i.e., 1999, ..., currentYear + 1)", - "required": true, - "schema": { - "type": "integer", - "format": "int32" - } - }, - "cveIdGetFilteredState": { - "in": "query", - "name": "state", - "description": "Filter by state ", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "PUBLISHED", - "REJECTED" - ] - } - }, - "cveIdGetFilteredCveIdYear": { - "in": "query", - "name": "cve_id_year", - "description": "Filter by the year of the CVE IDs", - "required": false, - "schema": { - "type": "string" - } - }, - "cveIdGetFilteredTimeReservedLt": { - "in": "query", - "name": "time_reserved.lt", - "description": "Most recent reserved timestamp to retrieve. Include with all requests potentially returning multiple pages of CVE IDs to avoid issues if new IDs are reserved during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeReservedGt": { - "in": "query", - "name": "time_reserved.gt", - "description": "Earliest CVE ID reserved timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent modified timestamp to retrieve. Include with all requests using a time_modified.gt filter potentially returning multiple pages of CVE IDs. This will avoid issues if IDs are reserved or modified during use.

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveIdGetFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE ID modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedLt": { - "in": "query", - "name": "time_modified.lt", - "description": "Most recent CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "cveRecordFilteredTimeModifiedGt": { - "in": "query", - "name": "time_modified.gt", - "description": "Earliest CVE record modified timestamp to retrieve

Timestamp format : yyyy-MM-ddTHH:mm:ssZZZZ", - "required": false, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "id_quota": { - "in": "query", - "name": "id_quota", - "description": "The new number of CVE IDs the organization is allowed to have in the RESERVED state at one time", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 0, - "maximum": 100000 - } - }, - "name": { - "in": "query", - "name": "name", - "description": "The new name for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "nameFirst": { - "in": "query", - "name": "name.first", - "description": "The new first name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameLast": { - "in": "query", - "name": "name.last", - "description": "The new last name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameMiddle": { - "in": "query", - "name": "name.middle", - "description": "The new middle name for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "nameSuffix": { - "in": "query", - "name": "name.suffix", - "description": "The new suffix for the user entry", - "required": false, - "schema": { - "type": "string" - } - }, - "newShortname": { - "in": "query", - "name": "new_short_name", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "newUsername": { - "in": "query", - "name": "new_username", - "description": "The new username for the user, preferably the user's email address. 
Must be 3-128 characters in length; allowed characters are alphanumeric and -_@.", - "required": false, - "schema": { - "type": "string" - } - }, - "org": { - "in": "query", - "name": "org", - "description": "The shortname of the new owning_cna for the CVE ID", - "required": false, - "schema": { - "type": "string" - } - }, - "orgShortname": { - "in": "query", - "name": "org_short_name", - "description": "The new organization for the user", - "required": false, - "schema": { - "type": "string" - } - }, - "pageQuery": { - "in": "query", - "name": "page", - "description": "The current page in the paginator", - "required": false, - "schema": { - "type": "integer", - "format": "int32", - "minimum": 1 - } - }, - "short_name": { - "in": "query", - "name": "short_name", - "description": "The CNA that will own the reserved CVE IDs", - "required": true, - "schema": { - "type": "string" - } - }, - "shortname": { - "in": "query", - "name": "shortname", - "description": "The new shortname for the organization", - "required": false, - "schema": { - "type": "string" - } - }, - "state": { - "in": "query", - "name": "state", - "description": "The new state for the CVE ID", - "required": false, - "schema": { - "type": "string", - "enum": [ - "RESERVED", - "REJECTED" - ] - } - } - }, - "examples": { - "publishedRecord": { - "value": { - "containers": { - "cna": { - "affected": [ - { - "vendor": "string", - "product": "string", - "versions": [ - { - "version": "string", - "status": "string" - } - ] - } - ], - "descriptions": [ - { - "lang": "string", - "value": "string" - } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "string", - "lang": "string", - "type": "string" - } - ] - } - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:26:39.293Z" - }, - "references": [ - { - "name": "string", - "tags": [ - "string" - ], - "url": "string" - } - ] - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": 
"string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedRecord": { - "value": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" + }, + "rejectedCreateCVERecord": { + "value": { + "message": "string", + "created": { + "containers": { + "cna": { + "rejectedReasons": [ + { + "lang": "string", + "value": "string", + "supportingMedia": [ + { + "type": "string", + "base64": false, + "value": "string" + } + ] + } + ], + "replacedBy": [ + "string" + ], + "providerMetadata": { + "orgId": "string", + "shortName": "string", + "dateUpdated": "2022-05-13T14:27:39.617Z" + } + } + }, + "cveMetadata": { + "assignerOrgId": "string", + "cveId": "string", + "state": "string", + "assignerShortName": "string", + "requesterUserId": "string", + "dateReserved": "string", + "datePublished": "string" + }, + "dataType": "string", + "dataVersion": "string" } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": "2022-05-13T14:27:39.617Z" - } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } - }, - "rejectedCreateCVERecord": { - "value": { - "message": "string", - "created": { - "containers": { - "cna": { - "rejectedReasons": [ - { - "lang": "string", - "value": "string", - "supportingMedia": [ - { - "type": "string", - "base64": false, - "value": "string" - } - ] - } - ], - "replacedBy": [ - "string" - ], - "providerMetadata": { - "orgId": "string", - "shortName": "string", - "dateUpdated": 
"2022-05-13T14:27:39.617Z" } - } - }, - "cveMetadata": { - "assignerOrgId": "string", - "cveId": "string", - "state": "string", - "assignerShortName": "string", - "requesterUserId": "string", - "dateReserved": "string", - "datePublished": "string" - }, - "dataType": "string", - "dataVersion": "string" - } + } } - } } - } } \ No newline at end of file diff --git a/datadump/pre-population/cves.json b/datadump/pre-population/cves.json index ee4c589c7..88dbcd1e4 100644 --- a/datadump/pre-population/cves.json +++ b/datadump/pre-population/cves.json @@ -88,57 +88,46 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" }, { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Charles Hooper", - "refsource": "GAS", "url": "https://www.harper.com/" }, { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "Sarah Jennings", - "refsource": "AGO", "url": "https://powell.biz/author.htm" }, { "name": "Emily Strickland", - "refsource": "SOMEBODY", "url": "http://www.smith-spears.com/" } ] 
@@ -197,37 +186,30 @@
 "references": [
 {
 "name": "Rebecca Garcia",
- "refsource": "HEALTH",
 "url": "https://moore-burns.net/faq.php"
 },
 {
 "name": "Steven Arellano",
- "refsource": "HEALTH",
 "url": "https://dixon.com/index.jsp"
 },
 {
 "name": "Dr. Heidi Harris",
- "refsource": "SONG",
 "url": "http://www.mora.com/home/"
 },
 {
 "name": "Jessica Griffin",
- "refsource": "DURING",
 "url": "http://www.bush.biz/tag/explore/search/"
 },
 {
 "name": "http://www.aguilar-garcia.com/",
- "refsource": "MISC",
 "url": "http://www.aguilar-garcia.com/"
 },
 {
 "name": "Justin Brown",
- "refsource": "GAS",
 "url": "http://www.adams-moore.com/"
 },
 {
 "name": "Joseph Griffin",
- "refsource": "GAS",
 "url": "https://brock-nguyen.org/category.html"
 }
 ]
@@ -322,47 +304,38 @@
 "references": [
 {
 "name": "Joshua Green",
- "refsource": "INCREASE",
 "url": "https://www.stevens.net/"
 },
 {
 "name": "Charles Hooper",
- "refsource": "GAS",
 "url": "https://www.harper.com/"
 },
 {
 "name": "https://collins.com/app/explore/explore/terms.php",
- "refsource": "MISC",
 "url": "https://collins.com/app/explore/explore/terms.php"
 },
 {
 "name": "Shelly Kane",
- "refsource": "SOMEBODY",
 "url": "https://middleton.com/tag/category.html"
 },
 {
 "name": "Shane Johnson",
- "refsource": "DURING",
 "url": "http://www.mitchell.org/"
 },
 {
 "name": "Steven Arellano",
- "refsource": "HEALTH",
 "url": "https://dixon.com/index.jsp"
 },
 {
 "name": "Katherine Carson",
- "refsource": "SONG",
 "url": "http://www.barker.com/faq.htm"
 },
 {
 "name": "Susan Coleman",
- "refsource": "INCREASE",
 "url": "http://www.harmon.com/"
 },
 {
 "name": "Dustin Wells",
- "refsource": "AGO",
 "url": "https://www.davis.org/"
 }
 ]
@@ -421,12 +394,10 @@
 "references": [
 {
 "name": "Brian Singh",
- "refsource": "SPECIAL",
 "url": "http://edwards-owens.biz/"
 },
 {
 "name": "https://collins.com/app/explore/explore/terms.php",
- "refsource": "MISC",
 "url": "https://collins.com/app/explore/explore/terms.php"
 }
 ]
@@ -524,22 +495,18 @@
 "references": [
 {
 "name": "Jocelyn Bailey",
- "refsource": "SOMEBODY",
 "url": "https://www.rodriguez-martin.com/"
 },
 {
 "name": "http://www.washington.org/category/author.html",
- "refsource": "MISC",
 "url": "http://www.washington.org/category/author.html"
 },
 {
 "name": "https://gonzalez.com/",
- "refsource": "MISC",
 "url": "https://gonzalez.com/"
 },
 {
 "name": "April Brandt",
- "refsource": "SONG",
 "url": "https://www.logan.com/"
 }
 ]
@@ -637,37 +604,30 @@
 "references": [
 {
 "name": "Charles Hooper",
- "refsource": "GAS",
 "url": "https://www.harper.com/"
 },
 {
 "name": "Danielle Roberts",
- "refsource": "SPECIAL",
 "url": "http://arnold-rollins.com/"
 },
 {
 "name": "Shane Johnson",
- "refsource": "DURING",
 "url": "http://www.mitchell.org/"
 },
 {
 "name": "Megan Morales",
- "refsource": "GAS",
 "url": "http://www.wright-white.com/posts/explore/tag/login/"
 },
 {
 "name": "Alex Patterson",
- "refsource": "DURING",
 "url": "http://www.rose-goodwin.com/main/explore/tag/home/"
 },
 {
 "name": "Matthew Vargas",
- "refsource": "INCREASE",
 "url": "https://rice.com/"
 },
 {
 "name": "Sarah Jennings",
- "refsource": "AGO",
 "url": "https://powell.biz/author.htm"
 }
 ]
@@ -804,37 +764,30 @@
 "references": [
 {
 "name": "https://small.biz/",
- "refsource": "CONFIRM",
 "url": "https://small.biz/"
 },
 {
 "name": "Diana Scott",
- "refsource": "AGO",
 "url": "https://www.lane-wright.com/author/"
 },
 {
 "name": "Robert Carter",
- "refsource": "DURING",
 "url": "http://www.griffith-myers.com/about/"
 },
 {
 "name": "Shelly Kane",
- "refsource": "SOMEBODY",
 "url": "https://middleton.com/tag/category.html"
 },
 {
 "name": "Rebecca Garcia",
- "refsource": "HEALTH",
 "url": "https://moore-burns.net/faq.php"
 },
 {
 "name": "Kevin Dickerson",
- "refsource": "SONG",
 "url": "https://www.mora.com/posts/faq/"
 },
 {
 "name": "Dr. Heidi Harris",
- "refsource": "SONG",
 "url": "http://www.mora.com/home/"
 }
 ]
@@ -893,37 +846,30 @@
 "references": [
 {
 "name": "Briana Arias",
- "refsource": "SONG",
 "url": "https://rodriguez-miller.net/faq/"
 },
 {
 "name": "Michelle Williams",
- "refsource": "SONG",
 "url": "https://www.harris-rogers.org/category.html"
 },
 {
 "name": "Becky Nelson",
- "refsource": "AGO",
 "url": "https://www.summers.biz/search/categories/list/home.html"
 },
 {
 "name": "Susan Coleman",
- "refsource": "INCREASE",
 "url": "http://www.harmon.com/"
 },
 {
 "name": "Jocelyn Bailey",
- "refsource": "SOMEBODY",
 "url": "https://www.rodriguez-martin.com/"
 },
 {
 "name": "Jessica Griffin",
- "refsource": "DURING",
 "url": "http://www.bush.biz/tag/explore/search/"
 },
 {
 "name": "Charles Ramirez",
- "refsource": "GAS",
 "url": "https://jackson.com/register/"
 }
 ]
@@ -1099,57 +1045,46 @@
 "references": [
 {
 "name": "Shelly Kane",
- "refsource": "SOMEBODY",
 "url": "https://middleton.com/tag/category.html"
 },
 {
 "name": "Michelle Williams",
- "refsource": "SONG",
 "url": "https://www.harris-rogers.org/category.html"
 },
 {
 "name": "Kevin Dickerson",
- "refsource": "SONG",
 "url": "https://www.mora.com/posts/faq/"
 },
 {
 "name": "Susan Coleman",
- "refsource": "INCREASE",
 "url": "http://www.harmon.com/"
 },
 {
 "name": "Jessica Griffin",
- "refsource": "DURING",
 "url": "http://www.bush.biz/tag/explore/search/"
 },
 {
 "name": "http://www.washington.org/category/author.html",
- "refsource": "MISC",
 "url": "http://www.washington.org/category/author.html"
 },
 {
 "name": "Crystal Baker",
- "refsource": "INCREASE",
 "url": "https://smith.com/privacy.htm"
 },
 {
 "name": "https://gonzalez.com/",
- "refsource": "MISC",
 "url": "https://gonzalez.com/"
 },
 {
 "name": "Anne Moore",
- "refsource": "GAS",
 "url": "http://www.wallace.biz/"
 },
 {
 "name": "Sarah Jennings",
- "refsource": "AGO",
 "url": "https://powell.biz/author.htm"
 },
 {
 "name": "https://myers-scott.com/",
- "refsource": "MISC",
 "url": "https://myers-scott.com/"
 }
 ]
@@ -1208,57 +1143,46 @@
 "references": [
 {
 "name": "Charles Hooper",
- "refsource": "GAS",
 "url": "https://www.harper.com/"
 },
 {
 "name": "Dustin Wallace",
- "refsource": "SONG",
 "url": "https://rivera.net/home.asp"
 },
 {
 "name": "Robert Carter",
- "refsource": "DURING",
 "url": "http://www.griffith-myers.com/about/"
 },
 {
 "name": "Michelle Williams",
- "refsource": "SONG",
 "url": "https://www.harris-rogers.org/category.html"
 },
 {
 "name": "Dr. Heidi Harris",
- "refsource": "SONG",
 "url": "http://www.mora.com/home/"
 },
 {
 "name": "Susan Coleman",
- "refsource": "INCREASE",
 "url": "http://www.harmon.com/"
 },
 {
 "name": "Lisa Garrison DVM",
- "refsource": "DURING",
 "url": "http://www.newman-smith.com/about/"
 },
 {
 "name": "Jessica Griffin",
- "refsource": "DURING",
 "url": "http://www.bush.biz/tag/explore/search/"
 },
 {
 "name": "Dustin Wells",
- "refsource": "AGO",
 "url": "https://www.davis.org/"
 },
 {
 "name": "Justin Brown",
- "refsource": "GAS",
 "url": "http://www.adams-moore.com/"
 },
 {
 "name": "Joshua Garrett",
- "refsource": "HEALTH",
 "url": "http://www.hodges.com/app/list/faq/"
 }
 ]
@@ -1356,42 +1280,34 @@
 "references": [
 {
 "name": "Diana Scott",
- "refsource": "AGO",
 "url": "https://www.lane-wright.com/author/"
 },
 {
 "name": "Danielle Roberts",
- "refsource": "SPECIAL",
 "url": "http://arnold-rollins.com/"
 },
 {
 "name": "Tiffany Roberts",
- "refsource": "LIGHT",
 "url": "http://olson-aguirre.net/index.jsp"
 },
 {
 "name": "Rebecca Garcia",
- "refsource": "HEALTH",
 "url": "https://moore-burns.net/faq.php"
 },
 {
 "name": "Kevin Dickerson",
- "refsource": "SONG",
 "url": "https://www.mora.com/posts/faq/"
 },
 {
 "name": "https://kennedy.com/terms/",
- "refsource": "MISC",
 "url": "https://kennedy.com/terms/"
 },
 {
 "name": "http://www.aguilar-garcia.com/",
- "refsource": "MISC",
 "url": "http://www.aguilar-garcia.com/"
 },
 {
 "name": "Emily Strickland",
- "refsource": "SOMEBODY",
 "url": "http://www.smith-spears.com/"
 }
 ]
@@ -1567,37 +1483,30 @@
 "references": [
 {
 "name": "Briana Arias",
- "refsource": "SONG",
 "url": "https://rodriguez-miller.net/faq/"
 },
 {
 "name": "Charles Hooper",
- "refsource": "GAS",
 "url": "https://www.harper.com/"
 },
 {
 "name": "Justin Archer",
- "refsource": "SOMEBODY",
 "url": "https://adkins.com/blog/blog/wp-content/login.html"
 },
 {
 "name": "Shelly Kane",
- "refsource": "SOMEBODY",
 "url": "https://middleton.com/tag/category.html"
 },
 {
 "name": "https://kennedy.com/terms/",
- "refsource": "MISC",
 "url": "https://kennedy.com/terms/"
 },
 {
 "name": "John Watson",
- "refsource": "DEGREE",
 "url": "http://heath.com/terms.htm"
 },
 {
 "name": "Sarah Jennings",
- "refsource": "AGO",
 "url": "https://powell.biz/author.htm"
 }
 ]
@@ -1656,57 +1565,46 @@
 "references": [
 {
 "name": "https://small.biz/",
- "refsource": "CONFIRM",
 "url": "https://small.biz/"
 },
 {
 "name": "Joshua Green",
- "refsource": "INCREASE",
 "url": "https://www.stevens.net/"
 },
 {
 "name": "Diana Scott",
- "refsource": "AGO",
 "url": "https://www.lane-wright.com/author/"
 },
 {
 "name": "Becky Nelson",
- "refsource": "AGO",
 "url": "https://www.summers.biz/search/categories/list/home.html"
 },
 {
 "name": "Alex Patterson",
- "refsource": "DURING",
 "url": "http://www.rose-goodwin.com/main/explore/tag/home/"
 },
 {
 "name": "Jocelyn Bailey",
- "refsource": "SOMEBODY",
 "url": "https://www.rodriguez-martin.com/"
 },
 {
 "name": "https://gonzalez.com/",
- "refsource": "MISC",
 "url": "https://gonzalez.com/"
 },
 {
 "name": "Anne Moore",
- "refsource": "GAS",
 "url": "http://www.wallace.biz/"
 },
 {
 "name": "Sarah Jennings",
- "refsource": "AGO",
 "url": "https://powell.biz/author.htm"
 },
 {
 "name": "Jeremy Saunders",
- "refsource": "INCREASE",
 "url": "http://www.lopez.org/"
 },
 {
 "name": "Joseph Griffin",
- "refsource": "GAS",
 "url": "https://brock-nguyen.org/category.html"
 }
 ]
@@ -1804,57 +1702,46 @@
 "references": [
 {
 "name": "Brian Singh",
- "refsource": "SPECIAL",
 "url": "http://edwards-owens.biz/"
 },
 {
 "name": "Danielle Roberts",
- "refsource": "SPECIAL",
 "url": "http://arnold-rollins.com/"
 },
 {
 "name": "Dustin Wallace",
- "refsource": "SONG",
 "url": "https://rivera.net/home.asp"
 },
 {
 "name": "Matthew Vargas",
- "refsource": "INCREASE",
 "url": "https://rice.com/"
 },
 {
 "name": "John Watson",
- "refsource": "DEGREE",
 "url": "http://heath.com/terms.htm"
 },
 {
 "name": "Crystal Baker",
- "refsource": "INCREASE",
 "url": "https://smith.com/privacy.htm"
 },
 {
 "name": "Anne Moore",
- "refsource": "GAS",
 "url": "http://www.wallace.biz/"
 },
 {
 "name": "Justin Brown",
- "refsource": "GAS",
 "url": "http://www.adams-moore.com/"
 },
 {
 "name": "Antonio Lee",
- "refsource": "AGO",
 "url": "https://www.west-perez.com/"
 },
 {
 "name": "Emily Strickland",
- "refsource": "SOMEBODY",
 "url": "http://www.smith-spears.com/"
 },
 {
 "name": "Jeremy Saunders",
- "refsource": "INCREASE",
 "url": "http://www.lopez.org/"
 }
 ]
@@ -1991,52 +1878,42 @@
 "references": [
 {
 "name": "https://small.biz/",
- "refsource": "CONFIRM",
 "url": "https://small.biz/"
 },
 {
 "name": "Diana Scott",
- "refsource": "AGO",
 "url": "https://www.lane-wright.com/author/"
 },
 {
 "name": "Michelle Williams",
- "refsource": "SONG",
 "url": "https://www.harris-rogers.org/category.html"
 },
 {
 "name": "Matthew Vargas",
- "refsource": "INCREASE",
 "url": "https://rice.com/"
 },
 {
 "name": "Jocelyn Bailey",
- "refsource": "SOMEBODY",
 "url": "https://www.rodriguez-martin.com/"
 },
 {
 "name": "John Watson",
- "refsource": "DEGREE",
 "url": "http://heath.com/terms.htm"
 },
 {
 "name": "Charles Ramirez",
- "refsource": "GAS",
 "url": "https://jackson.com/register/"
 },
 {
 "name": "April Brandt",
- "refsource": "SONG",
 "url": "https://www.logan.com/"
 },
 {
 "name": "Rebecca Sims",
- "refsource": "LIGHT",
 "url": "https://phillips-mcdonald.com/category/"
 },
 {
 "name": "Antonio Lee",
- "refsource": "AGO",
 "url": "https://www.west-perez.com/"
 }
 ]
@@ -2095,37 +1972,30 @@
 "references": [
 {
 "name": "https://small.biz/",
- "refsource": "CONFIRM",
 "url": "https://small.biz/"
 },
 {
 "name": "Danielle Roberts",
- "refsource": "SPECIAL",
 "url": "http://arnold-rollins.com/"
 },
 {
 "name": "Jennifer Stevens",
- "refsource": "HEALTH",
 "url": "http://carroll.com/"
 },
 {
 "name": "Alex Patterson",
- "refsource": "DURING",
 "url": "http://www.rose-goodwin.com/main/explore/tag/home/"
 },
 {
 "name": "Justin Brown",
- "refsource": "GAS",
 "url": "http://www.adams-moore.com/"
 },
 {
 "name": "Jeremy Saunders",
- "refsource": "INCREASE",
 "url": "http://www.lopez.org/"
 },
 {
 "name": "https://myers-scott.com/",
- "refsource": "MISC",
 "url": "https://myers-scott.com/"
 }
 ]
@@ -2184,32 +2054,26 @@ "references": [ { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "Kevin Dickerson", - "refsource": "SONG", "url": "https://www.mora.com/posts/faq/" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "Katherine Carson", - "refsource": "SONG", "url": "http://www.barker.com/faq.htm" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" }, { "name": "https://myers-scott.com/", - "refsource": "MISC", "url": "https://myers-scott.com/" } ] @@ -2268,37 +2132,30 @@ "references": [ { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" } ] @@ -2357,17 +2214,14 @@ "references": [ { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] 
@@ -2426,22 +2280,18 @@ "references": [ { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" } ] @@ -2539,27 +2389,22 @@ "references": [ { "name": "Katherine Carson", - "refsource": "SONG", "url": "http://www.barker.com/faq.htm" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Dustin Wells", - "refsource": "AGO", "url": "https://www.davis.org/" }, { "name": "Antonio Lee", - "refsource": "AGO", "url": "https://www.west-perez.com/" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] @@ -2618,32 +2463,26 @@ "references": [ { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Jessica Griffin", - "refsource": "DURING", "url": "http://www.bush.biz/tag/explore/search/" }, { "name": "Sarah Jennings", - "refsource": "AGO", "url": "https://powell.biz/author.htm" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] 
@@ -2702,57 +2541,46 @@ "references": [ { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Charles Hooper", - "refsource": "GAS", "url": "https://www.harper.com/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" }, { "name": "http://www.washington.org/category/author.html", - "refsource": "MISC", "url": "http://www.washington.org/category/author.html" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" } ] @@ -2850,22 +2678,18 @@ "references": [ { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Jocelyn Bailey", - "refsource": "SOMEBODY", "url": "https://www.rodriguez-martin.com/" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" } ] 
@@ -3041,27 +2865,22 @@ "references": [ { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "http://www.washington.org/category/author.html", - "refsource": "MISC", "url": "http://www.washington.org/category/author.html" } ] @@ -3159,7 +2978,6 @@ "references": [ { "name": "http://www.washington.org/category/author.html", - "refsource": "MISC", "url": "http://www.washington.org/category/author.html" } ] @@ -3413,12 +3231,10 @@ "references": [ { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" } ] @@ -3477,42 +3293,34 @@ "references": [ { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" }, { "name": "Dustin Wells", - "refsource": "AGO", "url": "https://www.davis.org/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "April Brandt", - "refsource": "SONG", "url": "https://www.logan.com/" } ] 
@@ -3571,57 +3379,46 @@ "references": [ { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "Jessica Griffin", - "refsource": "DURING", "url": "http://www.bush.biz/tag/explore/search/" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" }, { "name": "https://gonzalez.com/", - "refsource": "MISC", "url": "https://gonzalez.com/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" } ] @@ -3758,7 +3555,6 @@ "references": [ { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" } ] 
@@ -3817,42 +3613,34 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" }, { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "John Watson", - "refsource": "DEGREE", "url": "http://heath.com/terms.htm" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] @@ -3989,7 +3777,6 @@ "references": [ { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" } ] @@ -4087,42 +3874,34 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" }, { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "Shelly Kane", - "refsource": "SOMEBODY", "url": "https://middleton.com/tag/category.html" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "Jessica Griffin", - "refsource": "DURING", "url": "http://www.bush.biz/tag/explore/search/" }, { "name": "https://myers-scott.com/", - "refsource": "MISC", "url": "https://myers-scott.com/" } ] 
@@ -4181,52 +3960,42 @@ "references": [ { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Michelle Williams", - "refsource": "SONG", "url": "https://www.harris-rogers.org/category.html" }, { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] @@ -4324,42 +4093,34 @@ "references": [ { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Michelle Williams", - "refsource": "SONG", "url": "https://www.harris-rogers.org/category.html" }, { "name": "Kevin Dickerson", - "refsource": "SONG", "url": "https://www.mora.com/posts/faq/" }, { "name": "John Watson", - "refsource": "DEGREE", "url": "http://heath.com/terms.htm" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] 
@@ -4418,17 +4179,14 @@ "references": [ { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" } ] @@ -4565,12 +4323,10 @@ "references": [ { "name": "Katherine Carson", - "refsource": "SONG", "url": "http://www.barker.com/faq.htm" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" } ] @@ -4668,32 +4424,26 @@ "references": [ { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" } ] @@ -4791,37 +4541,30 @@ "references": [ { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Matthew Vargas", - "refsource": "INCREASE", "url": "https://rice.com/" }, { "name": "Jocelyn Bailey", - "refsource": "SOMEBODY", "url": "https://www.rodriguez-martin.com/" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" } ] 
@@ -4880,37 +4623,30 @@ "references": [ { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Shelly Kane", - "refsource": "SOMEBODY", "url": "https://middleton.com/tag/category.html" }, { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" } ] @@ -5008,37 +4744,30 @@ "references": [ { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Antonio Lee", - "refsource": "AGO", "url": "https://www.west-perez.com/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" } ] @@ -5175,7 +4904,6 @@ "references": [ { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" } ] 
@@ -5390,32 +5118,26 @@ "references": [ { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] @@ -5474,12 +5196,10 @@ "references": [ { "name": "https://gonzalez.com/", - "refsource": "MISC", "url": "https://gonzalez.com/" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] @@ -5538,52 +5258,42 @@ "references": [ { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "John Watson", - "refsource": "DEGREE", "url": "http://heath.com/terms.htm" }, { "name": "http://www.washington.org/category/author.html", - "refsource": "MISC", "url": "http://www.washington.org/category/author.html" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] 
@@ -5642,52 +5352,42 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" }, { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Shelly Kane", - "refsource": "SOMEBODY", "url": "https://middleton.com/tag/category.html" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] 
@@ -5785,52 +5485,42 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" }, { "name": "Dustin Wells", - "refsource": "AGO", "url": "https://www.davis.org/" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "Emily Strickland", - "refsource": "SOMEBODY", "url": "http://www.smith-spears.com/" } ] @@ -5889,32 +5579,26 @@ "references": [ { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" }, { "name": "Crystal Baker", - "refsource": "INCREASE", "url": "https://smith.com/privacy.htm" } ] 
@@ -5973,37 +5657,30 @@ "references": [ { "name": "Danielle Roberts", - "refsource": "SPECIAL", "url": "http://arnold-rollins.com/" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "John Watson", - "refsource": "DEGREE", "url": "http://heath.com/terms.htm" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" }, { "name": "Joseph Griffin", - "refsource": "GAS", "url": "https://brock-nguyen.org/category.html" } ] @@ -6062,42 +5739,34 @@ "references": [ { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Jessica Griffin", - "refsource": "DURING", "url": "http://www.bush.biz/tag/explore/search/" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" }, { "name": "Emily Strickland", - "refsource": "SOMEBODY", "url": "http://www.smith-spears.com/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" } ] 
@@ -6156,37 +5825,30 @@ "references": [ { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "https://gonzalez.com/", - "refsource": "MISC", "url": "https://gonzalez.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" } ] @@ -6245,57 +5907,46 @@ "references": [ { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Shelly Kane", - "refsource": "SOMEBODY", "url": "https://middleton.com/tag/category.html" }, { "name": "Michelle Williams", - "refsource": "SONG", "url": "https://www.harris-rogers.org/category.html" }, { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Emily Strickland", - "refsource": "SOMEBODY", "url": "http://www.smith-spears.com/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" }, { "name": "https://myers-scott.com/", - "refsource": "MISC", "url": "https://myers-scott.com/" } ] 
@@ -6471,57 +6122,46 @@ "references": [ { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Justin Archer", - "refsource": "SOMEBODY", "url": "https://adkins.com/blog/blog/wp-content/login.html" }, { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Megan Morales", - "refsource": "GAS", "url": "http://www.wright-white.com/posts/explore/tag/login/" }, { "name": "Alex Patterson", - "refsource": "DURING", "url": "http://www.rose-goodwin.com/main/explore/tag/home/" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" } ] 
@@ -6580,62 +6220,50 @@ "references": [ { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Joshua Green", - "refsource": "INCREASE", "url": "https://www.stevens.net/" }, { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "Tiffany Roberts", - "refsource": "LIGHT", "url": "http://olson-aguirre.net/index.jsp" }, { "name": "Shelly Kane", - "refsource": "SOMEBODY", "url": "https://middleton.com/tag/category.html" }, { "name": "Becky Nelson", - "refsource": "AGO", "url": "https://www.summers.biz/search/categories/list/home.html" }, { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" }, { "name": "https://kennedy.com/terms/", - "refsource": "MISC", "url": "https://kennedy.com/terms/" }, { "name": "Dustin Wells", - "refsource": "AGO", "url": "https://www.davis.org/" }, { "name": "https://gonzalez.com/", - "refsource": "MISC", "url": "https://gonzalez.com/" } ] @@ -6694,27 +6322,22 @@ "references": [ { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "Matthew Vargas", - "refsource": "INCREASE", "url": "https://rice.com/" }, { "name": "http://www.mclaughlin-leon.com/login.php", - "refsource": "MISC", "url": "http://www.mclaughlin-leon.com/login.php" } ] 
@@ -6773,37 +6396,30 @@ "references": [ { "name": "Dr. Heidi Harris", - "refsource": "SONG", "url": "http://www.mora.com/home/" }, { "name": "Susan Coleman", - "refsource": "INCREASE", "url": "http://www.harmon.com/" }, { "name": "Jocelyn Bailey", - "refsource": "SOMEBODY", "url": "https://www.rodriguez-martin.com/" }, { "name": "Jessica Griffin", - "refsource": "DURING", "url": "http://www.bush.biz/tag/explore/search/" }, { "name": "April Brandt", - "refsource": "SONG", "url": "https://www.logan.com/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" }, { "name": "Sarah Jennings", - "refsource": "AGO", "url": "https://powell.biz/author.htm" } ] @@ -6901,37 +6517,30 @@ "references": [ { "name": "https://small.biz/", - "refsource": "CONFIRM", "url": "https://small.biz/" }, { "name": "Robert Carter", - "refsource": "DURING", "url": "http://www.griffith-myers.com/about/" }, { "name": "Katherine Carson", - "refsource": "SONG", "url": "http://www.barker.com/faq.htm" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Rebecca Sims", - "refsource": "LIGHT", "url": "https://phillips-mcdonald.com/category/" }, { "name": "Jeremy Saunders", - "refsource": "INCREASE", "url": "http://www.lopez.org/" }, { "name": "Joshua Garrett", - "refsource": "HEALTH", "url": "http://www.hodges.com/app/list/faq/" } ] 
@@ -7029,42 +6638,34 @@ "references": [ { "name": "Diana Scott", - "refsource": "AGO", "url": "https://www.lane-wright.com/author/" }, { "name": "Briana Arias", - "refsource": "SONG", "url": "https://rodriguez-miller.net/faq/" }, { "name": "Jennifer Stevens", - "refsource": "HEALTH", "url": "http://carroll.com/" }, { "name": "Steven Arellano", - "refsource": "HEALTH", "url": "https://dixon.com/index.jsp" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" }, { "name": "Veronica Martin MD", - "refsource": "INCREASE", "url": "https://www.allen.net/" }, { "name": "Charles Ramirez", - "refsource": "GAS", "url": "https://jackson.com/register/" }, { "name": "Justin Brown", - "refsource": "GAS", "url": "http://www.adams-moore.com/" } ] @@ -7123,17 +6724,14 @@ "references": [ { "name": "Shane Johnson", - "refsource": "DURING", "url": "http://www.mitchell.org/" }, { "name": "Matthew Vargas", - "refsource": "INCREASE", "url": "https://rice.com/" }, { "name": "http://www.aguilar-garcia.com/", - "refsource": "MISC", "url": "http://www.aguilar-garcia.com/" } ] @@ -7231,12 +6829,10 @@ "references": [ { "name": "https://gonzalez.com/", - "refsource": "MISC", "url": "https://gonzalez.com/" }, { "name": "Anne Moore", - "refsource": "GAS", "url": "http://www.wallace.biz/" } ] @@ -7295,22 +6891,18 @@ "references": [ { "name": "Dustin Wallace", - "refsource": "SONG", "url": "https://rivera.net/home.asp" }, { "name": "https://collins.com/app/explore/explore/terms.php", - "refsource": "MISC", "url": "https://collins.com/app/explore/explore/terms.php" }, { "name": "Rebecca Garcia", - "refsource": "HEALTH", "url": "https://moore-burns.net/faq.php" }, { "name": "Lisa Garrison DVM", - "refsource": "DURING", "url": "http://www.newman-smith.com/about/" } ] @@ -7408,7 +7000,6 @@ "references": [ { "name": "Brian Singh", - "refsource": "SPECIAL", "url": "http://edwards-owens.biz/" } ] 
diff --git a/package-lock.json b/package-lock.json index 64bed715e..3a5568102 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cve-services", - "version": "2.3.0", + "version": "2.3.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cve-services", - "version": "2.3.0", + "version": "2.3.1", "license": "(CC0)", "dependencies": { "ajv": "^8.6.2", @@ -18194,4 +18194,4 @@ "dev": true } } -} +} \ No newline at end of file diff --git a/package.json b/package.json index e3bc27267..ff6de9f54 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "cve-services", "author": "Automation Working Group", - "version": "2.3.0", + "version": "2.3.1", "license": "(CC0)", "devDependencies": { "@faker-js/faker": "^7.6.0", diff --git a/src/controller/cve.controller/cve.controller.js b/src/controller/cve.controller/cve.controller.js index 9c342b4ac..be59db650 100644 --- a/src/controller/cve.controller/cve.controller.js +++ b/src/controller/cve.controller/cve.controller.js @@ -566,6 +566,11 @@ async function updateCna (req, res, next) { const dateUpdated = (new Date()).toISOString() cveRecord.cveMetadata.dateUpdated = dateUpdated + // Update dataVersion to current schema version + if (cveRecord.dataVersion !== CONSTANTS.SCHEMA_VERSION) { + cveRecord.dataVersion = CONSTANTS.SCHEMA_VERSION + } + if (cveRecord.cveMetadata.state === CONSTANTS.CVE_STATES.REJECTED) { delete cveRecord.cveMetadata.dateRejected if (!cveRecord.cveMetadata.datePublished) { @@ -786,6 +791,10 @@ async function insertAdp (req, res, next) { // update cve record here const cveRecord = result.cve + // Update dataVersion to current schema version + if (cveRecord.dataVersion !== CONSTANTS.SCHEMA_VERSION) { + cveRecord.dataVersion = CONSTANTS.SCHEMA_VERSION + } if (cveRecord.cveMetadata.state === CONSTANTS.CVE_STATES.REJECTED) { return res.status(403).json(error.cveRecordRejected()) } 
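Review bot: The block added to updateCna relabels the stored record with `CONSTANTS.SCHEMA_VERSION`, but nothing in the hunk shows the whole record being re-validated against that schema. If it is not, parts of the record written under an older version (ADP containers, for example) would carry a conformance label they may not meet, and consumers that pick a parser or validator from `dataVersion` would trust it. If the merged record is validated elsewhere before save, a comment saying so would settle it, e.g. `// full record is validated against SCHEMA_VERSION in <validation step> before save`; the same applies to the identical block in insertAdp. The comparison guard is also redundant, since `cveRecord.dataVersion = CONSTANTS.SCHEMA_VERSION` alone has the same effect. updateCna starts and ends outside the hunk.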
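Review bot: In insertAdp the `dataVersion` assignment runs before the `if (cveRecord.cveMetadata.state === CONSTANTS.CVE_STATES.REJECTED)` check, so the in-memory record is changed even on the path that returns 403. Nothing visible persists the record on that path, so this is presumably harmless today. Moving the added block below the rejected-state guard would keep refused requests free of side effects and make it plain that only accepted updates change the label. The function continues outside the hunk.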
diff --git a/src/swagger.js b/src/swagger.js index 6e938c25c..e412e0c95 100644 --- a/src/swagger.js +++ b/src/swagger.js @@ -14,7 +14,7 @@ const rejectedCreateCVERecord = require('../schemas/cve/rejected-create-cve-exam /* eslint-disable no-multi-str */ const doc = { info: { - version: '2.3.0', + version: '2.3.1', title: 'CVE Services API', description: "The CVE Services API supports automation tooling for the CVE Program. Credentials are \ required for most service endpoints. Representatives of \ diff --git a/test/schemas/5.0/CVE-2017-4024_published.json b/test/schemas/5.0/CVE-2017-4024_published.json index 368783842..b50a18705 100644 --- a/test/schemas/5.0/CVE-2017-4024_published.json +++ b/test/schemas/5.0/CVE-2017-4024_published.json @@ -1,6 +1,6 @@ { "dataType": "CVE_RECORD", - "dataVersion": "5.1", + "dataVersion": "5.0", "cveMetadata": { "cveId": "CVE-2017-4024", "assignerOrgId": "88c02595-c8f7-4864-a0e7-e09b3e1da691", diff --git a/test/unit-tests/cve/cveCnaContainerUpdateTest.js b/test/unit-tests/cve/cveCnaContainerUpdateTest.js index ab0ad0778..04dd04d26 100644 --- a/test/unit-tests/cve/cveCnaContainerUpdateTest.js +++ b/test/unit-tests/cve/cveCnaContainerUpdateTest.js @@ -10,7 +10,6 @@ app.use(express.urlencoded({ extended: false })) // Allows us to handle url enco const middleware = require('../../../src/middleware/middleware') app.use(middleware.createCtxAndReqUUID) -const nonExistentCveId = 'CVE-2020-1425' const cveIdPublished5 = 'CVE-2017-4024' const cveIdReserved = 'CVE-2017-5835' const url = process.env.NODE_ENV === 'staging' ? 'https://test.cve.org/' : 'https://cve.org/' // Used in updateCna response messages 
@@ -150,65 +149,6 @@ app.route('/cve-cna-positive-tests/:id') describe('Testing the PUT /cve/:id/cna endpoint in Cve Controller', () => { context('Negative Tests', () => { - it('should return 400 when cveId does not exist', (done) => { - chai.request(app) - .put(`/cve-cna-negative-tests/${nonExistentCveId}`) - .set(cveFixtures.secretariatHeader) - .send(cveCnaContainerFail) - .end((err, res) => { - if (err) { - done(err) - } - - expect(res).to.have.status(400) - expect(res).to.have.property('body').and.to.be.a('object') - const errObj = error.cveDne() - expect(res.body.error).to.equal(errObj.error) - expect(res.body.message).to.equal(errObj.message) - done() - }) - }) - - it('should return 403 when cveId does not belong to cveId owning org', (done) => { - const headers = Object.assign({}, cveFixtures.secretariatHeader) - headers['CVE-API-ORG'] = 'cisco' - chai.request(app) - .put(`/cve-cna-negative-tests/${cveIdPublished5}`) - .set(headers) - .send(cveCnaContainerFail) - .end((err, res) => { - if (err) { - done(err) - } - - expect(res).to.have.status(403) - expect(res).to.have.property('body').and.to.be.a('object') - const errObj = error.owningOrgDoesNotMatch() - expect(res.body.error).to.equal(errObj.error) - expect(res.body.message).to.equal(errObj.message) - done() - }) - }) - - it('should return 403 when cve record does not exist', (done) => { - chai.request(app) - .put(`/cve-cna-negative-tests/${cveIdReserved}`) - .set(cveFixtures.secretariatHeader) - .send(cveCnaContainerFail) - .end((err, res) => { - if (err) { - done(err) - } - - expect(res).to.have.status(403) - expect(res).to.have.property('body').and.to.be.a('object') - const errObj = error.cveRecordDne() - expect(res.body.error).to.equal(errObj.error) - expect(res.body.message).to.equal(errObj.message) - done() - }) - }) - it('should return 400 when cve record is not valid', (done) => { chai.request(app) .put(`/cve-cna-negative-tests/${cveIdPublished5}`) 
diff --git a/test/unit-tests/cve/insertAdpTest.js b/test/unit-tests/cve/insertAdpTest.js index 310b98aed..fd654a247 100644 --- a/test/unit-tests/cve/insertAdpTest.js +++ b/test/unit-tests/cve/insertAdpTest.js @@ -9,6 +9,7 @@ const adpContainer = require('../../schemas/5.0/adpContainerExample.json').adpCo const { CVE_INSERT_ADP } = require('../../../src/controller/cve.controller/cve.controller.js') const errors = require('../../../src/controller/cve.controller/error.js') const error = new errors.CveControllerError() +const constants = require('../../../src/constants').getConstants() const OrgRepository = require('../../../src/repositories/orgRepository.js') const CveIdRepository = require('../../../src/repositories/cveIdRepository.js') @@ -182,5 +183,12 @@ describe('Testing insertAdp function', () => { expect(res.json.args[0][0].updated.containers.adp[adpCount - 1].affected[0].vendor).to.equal('test') expect(res.json.args[0][0].updated.containers.adp[adpCount - 1]).to.not.deep.equal(adpCopy2) }) + + it('Should update dataVersion to current version', async () => { + await CVE_INSERT_ADP(req, res, next) + + expect(status.args[0][0]).to.equal(200) + expect(res.json.args[0][0].updated.dataVersion).to.equal(constants.SCHEMA_VERSION) + }) }) }) diff --git a/test/unit-tests/cve/updateCnaTest.js b/test/unit-tests/cve/updateCnaTest.js new file mode 100644 index 000000000..7b7beda39 --- /dev/null +++ b/test/unit-tests/cve/updateCnaTest.js 
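Review bot: The added test 'Should update dataVersion to current version' never establishes that the record handed to `CVE_INSERT_ADP` starts with a `dataVersion` other than `constants.SCHEMA_VERSION`, so if the fixture is already at the current version it would still pass with the controller change reverted. The setup is outside the hunk, so which fixture is used is not visible here. A precondition before the call, such as `expect(<record returned by the stubbed repository>.dataVersion).to.not.equal(constants.SCHEMA_VERSION)`, would make the test fail loudly when a fixture is bumped. The last test in the new `updateCnaTest.js` has the same gap; there the record is `cveCopy`.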
@@ -0,0 +1,148 @@
+const chai = require('chai')
+const sinon = require('sinon')
+const { faker } = require('@faker-js/faker')
+const _ = require('lodash')
+const expect = chai.expect
+const cveIdPublished5 = 'CVE-2017-4024'
+const cveRecordPublished = require('../../schemas/5.0/CVE-2017-4024_published.json')
+const cnaContainer = require('../../schemas/cna-container/cna-container_pass.json')
+const { CVE_UPDATE_CNA } = require('../../../src/controller/cve.controller/cve.controller.js')
+const errors = require('../../../src/controller/cve.controller/error.js')
+const error = new errors.CveControllerError()
+const constants = require('../../../src/constants').getConstants()
+const Cve = require('../../../src/model/cve.js')
+
+const cnaUUID = faker.datatype.uuid()
+
+const stubCnaOrg = {
+ short_name: 'CnaOrg',
+ name: 'test_cna',
+ UUID: cnaUUID,
+ authority: {
+ active_roles: [
+ 'CNA'
+ ]
+ }
+}
+
+const stubCnaUser = {
+ username: 'testCnaUser',
+ org_UUID: cnaUUID,
+ UUID: faker.datatype.uuid()
+}
+
+const stubCveId = {
+ requested_by: {
+ cna: 'CnaOrg',
+ user: 'testCnaUser'
+ },
+ cve_id: 'CVE-2017-4024',
+ cve_year: '2017',
+ state: 'PUBLISHED',
+ owning_cna: cnaUUID,
+ reserved: '2023-05-17T16:57:35.698Z'
+}
+
+describe('updateCna function', () => {
+ let req
+ let res
+ let next
+ let status
+ let json
+ let cveRepo
+ let cveIdRepo
+ let orgRepo
+ let userRepo
+ let getCveRepository
+ let getCveIdRepository
+ let getUserRepository
+ let getOrgRepository
+ let cveCopy
+ let cnaContainerCopy
+
+ beforeEach(() => {
+ status = sinon.stub()
+ json = sinon.spy()
+ res = { json, status }
+ next = sinon.spy()
+ status.returns(res)
+ cveCopy = _.cloneDeep(cveRecordPublished)
+ cnaContainerCopy = _.cloneDeep(cnaContainer)
+
+ sinon.stub(Cve, 'validateCveRecord').returns({ isValid: true })
+ orgRepo = { getOrgUUID: sinon.stub(), isSecretariat: sinon.stub() }
+ orgRepo.getOrgUUID.returns(stubCnaOrg.UUID)
+ orgRepo.isSecretariat.returns(false)
+ getOrgRepository = sinon.stub()
+ getOrgRepository.returns(orgRepo)
+
+ userRepo = { getUserUUID: sinon.stub() }
+ userRepo.getUserUUID.returns(stubCnaUser.UUID)
+ getUserRepository = sinon.stub()
+ getUserRepository.returns(userRepo)
+
+ cveRepo = { findOneByCveId: sinon.stub(), updateByCveId: sinon.stub() }
+ cveRepo.findOneByCveId.returns({ cve: cveCopy })
+ cveRepo.updateByCveId.returns(true)
+ getCveRepository = sinon.stub()
+ getCveRepository.returns(cveRepo)
+
+ cveIdRepo = { findOneByCveId: sinon.stub() }
+ cveIdRepo.findOneByCveId.returns(stubCveId)
+ getCveIdRepository = sinon.stub()
+ getCveIdRepository.returns(cveIdRepo)
+
+ req = {
+ ctx: {
+ org: stubCnaOrg.short_name,
+ uuid: stubCnaOrg.UUID,
+ params: {
+ id: cveIdPublished5
+ },
+ repositories: {
+ getOrgRepository,
+ getUserRepository,
+ getCveRepository,
+ getCveIdRepository
+ },
+ body: {
+ cnaContainer: cnaContainerCopy
+ }
+ }
+ }
+ })
+
+ afterEach(() => {
+ sinon.restore()
+ })
+
+ it('should return 400 when the CVE-ID does not exist', async () => {
+ cveIdRepo.findOneByCveId.returns(null)
+
+ await CVE_UPDATE_CNA(req, res, next)
+
+ expect(status.args[0][0]).to.equal(400)
+ expect(res.json.args[0][0].message).to.equal(error.cveDne().message)
+ })
+ it('should return 403 if calling user org is not secretariat and does not match CVE org, ', async () => {
+ orgRepo.getOrgUUID.returns('bad id')
+ await CVE_UPDATE_CNA(req, res, next)
+
+ expect(status.args[0][0]).to.equal(403)
+ expect(res.json.args[0][0].message).to.equal(error.owningOrgDoesNotMatch().message)
+ })
+ it('should return 400 when the CVE record does not exist', async () => {
+ cveRepo.findOneByCveId.returns(null)
+ await CVE_UPDATE_CNA(req, res, next)
+
+ expect(status.args[0][0]).to.equal(403)
+ expect(res.json.args[0][0].message).to.equal(error.cveRecordDne().message)
+ })
+ it('should update dataVersion to current schema if existing record was last updating against previous schema', async () => {
+ await CVE_UPDATE_CNA(req, res, next)
+
+ expect(status.args[0][0]).to.equal(200)
+ expect(res.json.args[0][0].message).to.include(' record was successfully updated. This submission should appear on ')
+ expect(res.json.args[0][0].updated.dataVersion).to.equal(constants.SCHEMA_VERSION)
+ })
+})
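Review bot: The third test is titled 'should return 400 when the CVE record does not exist' but asserts `expect(status.args[0][0]).to.equal(403)`; the title should say 403 to match the assertion and the `cveRecordDne` error it checks. The three rejection tests check only the status and message, so a regression that wrote the record before responding would go unnoticed. Adding `expect(cveRepo.updateByCveId.called).to.equal(false)` to each of them, and above all to the 403 ownership-mismatch case, pins that a refused request persists nothing. The ownership test's title also ends in a stray `, `.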