From 59bc7eef259e55375dc398495153be2fddcb250d Mon Sep 17 00:00:00 2001
From: sunnavy <sunnavy@bestpractical.com>
Date: Mon, 29 Apr 2024 13:25:15 -0400
Subject: [PATCH] Migrate CVE API of NVD to version 2.0

Version 1.0 has been retired.
---
 html/RTIR/Elements/ShowCVEDetails | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/html/RTIR/Elements/ShowCVEDetails b/html/RTIR/Elements/ShowCVEDetails
index 82f4cfdd..6727a9da 100644
--- a/html/RTIR/Elements/ShowCVEDetails
+++ b/html/RTIR/Elements/ShowCVEDetails
@@ -89,22 +89,26 @@ jQuery( function() {
       var div = jQuery(this);
       var cve_id = div.data('cve-id');
       div.find('.current-value:empty').text(RT.I18N.Catalog.loading);
-      jQuery.get("https://services.nvd.nist.gov/rest/json/cve/1.0/" + cve_id, function(data) {
-          if ( data.result && data.result.CVE_Items && data.result.CVE_Items[0] ) {
-              var info = data.result.CVE_Items[0];
-              div.find('.cve-published-date .current-value').text(info.publishedDate);
-              div.find('.cve-last-modified-date .current-value').text(info.lastModifiedDate);
+      jQuery.get("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=" + cve_id, function(data) {
+          if ( data.totalResults && data.vulnerabilities && data.vulnerabilities[0] ) {
+              var info = data.vulnerabilities[0].cve;
+              div.find('.cve-published-date .current-value').text(info.published);
+              div.find('.cve-last-modified-date .current-value').text(info.lastModified);
 
-              jQuery.each(info.cve.description.description_data, function(index, value) {
+              jQuery.each(info.descriptions, function(index, value) {
                   if ( value.lang == 'en' ) {
                       div.find('.cve-description .current-value').text(value.value);
                       return false;
                   }
               });
 
-              if ( info.impact && info.impact.baseMetricV3 && info.impact.baseMetricV3.cvssV3 ) {
-                  var v3 = info.impact.baseMetricV3.cvssV3;
-                  div.find('.cve-cvss-3x-severity .current-value').text(v3.baseScore + ' ' + v3.baseSeverity);
+              if ( info.metrics ) {
+                for ( const metric in info.metrics ) {
+                    if ( metric.match(/cvssMetricV3/) ) {
+                        const v3 = info.metrics[metric][0].cvssData;
+                        div.find('.cve-cvss-3x-severity .current-value').text(v3.baseScore + ' ' + v3.baseSeverity);
+                    }
+                }
               }
           }
       }, 'json').fail( function(xhr) {