Tenable Plugin Attributes
Detailed plugin information returned by the GET /plugins/plugin endpoint includes the following attributes:
Attribute | Type | Description |
---|---|---|
plugin_modification_date | string | The date when Tenable last updated the plugin. |
plugin_version | string | The version of the plugin. |
exploited_by_malware | boolean | Indicates whether the vulnerability discovered by this plugin is known to be exploited by malware. |
description | string | The extended description of the plugin. |
unsupported_by_vendor | boolean | Indicates whether the software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3). |
cvss_temporal_score | float | The raw CVSSv2 temporal metrics for the vulnerability. |
patch_publication_date | string | The date when the vendor published a patch for the vulnerability. |
see_also | array | Links to external websites that contain helpful information about the vulnerability. |
default_account | string | Indicates whether the plugin checks for default accounts requiring the use of credentials other than the credentials provided in the scan policy. For more information, see What are the plugins that test for default accounts? in the Tenable Community Portal. |
exploit_available | boolean | Indicates whether a known public exploit exists for the vulnerability. |
cve | array | A list of Common Vulnerabilities and Exposures (CVE) IDs for vulnerabilities associated with the plugin. |
exploit_framework_canvas | boolean | Indicates whether an exploit exists in the Immunity CANVAS framework. |
cvss_base_score | float | The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
solution | string | Remediation information for the vulnerability. |
cvss_vector | object | The raw CVSSv2 metrics for the vulnerability. For more information, see CVSSv2 documentation. |
exploit_framework_exploithub | boolean | Indicates whether an exploit exists in the ExploitHub framework. |
cpe | array | A list of plugin target systems identified by Common Platform Enumeration (CPE). |
plugin_publication_date | string | The date when Tenable originally published the plugin. |
exploit_framework_core | boolean | Indicates whether an exploit exists in the CORE Impact framework. |
in_the_news | boolean | Indicates whether this plugin has received media attention (for example, ShellShock, Meltdown). |
has_patch | boolean | Indicates whether the vendor has published a patch for the vulnerability. This attribute is true if there is a published patch for the vulnerability (that is, the patch_publication_date attribute contains data) and false if there is no published patch or a patch is not relevant to remediating the vulnerability (that is, patch_publication_date does not contain data). |
xref | array | References to third-party information about the vulnerability, exploit, or update associated with the plugin presented as an array of strings. Each reference includes a type, for example, 'FEDORA', and an ID, for example, '2003-047'. |
malware | boolean | Indicates whether the plugin targets potentially malicious files or processes. |
exploit_framework_d2_elliot | boolean | Indicates an exploit exists in the D2 Elliot Web Exploitation framework |
xrefs | array | References to third-party information about the vulnerability, exploit, or update associated with the plugin presented as an array of objects. Each reference includes a type, for example, 'FEDORA', and an ID, for example, '2003-047'. |
risk_factor | string | The risk factor associated with the plugin. Possible values are: Low (The vulnerability has a CVSS score between 0.1 and 3.9), Medium (The vulnerability has a CVSS score between 4.0 and 6.9), High (The vulnerability has a CVSS score between 7.0 and 9.9), or Critical (The vulnerability has a CVSS score of 10.0). |
synopsis | string | A brief summary of the vulnerability or vulnerabilities associated with the plugin. |
cvss3_temporal_score | float | The CVSSv3 temporal metrics for the vulnerability. |
exploited_by_nessus | boolean | Indicates whether Nessus exploited the vulnerability during the process of identification. |
cvss3_base_score | float | The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
exploit_framework_metasploit | boolean | Indicates whether an exploit exists in the Metasploit framework. |
plugin_type | string | Plugin type, for example, local, remote, or combined. For more information about plugin type, see Nessus Plugin Types and Categories in the Tenable Community Portal. |
vpr | object | Information about the Vulnerability Priority Rating (VPR) for the plugin, including the VPR score, VPR drivers, and when Vulnerability Management last imported the VPR for this vulnerability. For more information, see Vulnerability Priority Rating. |
Note
Certain plugins can contain additional attributes not documented here.
Example
"attributes": {
"plugin_modification_date": "2018-07-19T00:00:00Z",
"plugin_version": "1.12",
"exploited_by_malware": false,
"description": "A cross-site scripting (XSS) vulnerability exists in the admin CGI script for Mailman before 2.1.4. This update moves Mailman to version 2.1.4 which is not vulnerable to this issue.\n\nUpdated packages were made available in February 2004 however the original update notification email did not make it to fedora-announce-list at that time.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.",
"unsupported_by_vendor": false,
"cvss_temporal_score": 0.0,
"patch_publication_date": "2004-02-26T00:00:00Z",
"see_also": ["http://www.nessus.org/u?564bb3fe"],
"default_account": false,
"exploit_available": false,
"exploit_framework_canvas": false,
"cvss_base_score": 0.0,
"solution": "Update the affected mailman and / or mailman-debuginfo packages.",
"exploit_framework_exploithub": false,
"cpe": ["cpe:/o:fedoraproject:fedora_core:1", "p-cpe:/a:fedoraproject:fedora:mailman-debuginfo", "p-cpe:/a:fedoraproject:fedora:mailman"],
"plugin_publication_date": "2004-07-23T00:00:00Z",
"exploit_framework_core": false,
"in_the_news": false,
"has_patch": true,
"xref": ["FEDORA:2004-060"],
"malware": false,
"exploit_framework_d2_elliot": false,
"xrefs": [{
"type": "FEDORA",
"id": "2004-060"
}
],
"risk_factor": "High",
"synopsis": "The remote Fedora Core host is missing a security update.",
"cvss3_temporal_score": 0.0,
"exploited_by_nessus": false,
"cvss3_base_score": 0.0,
"exploit_framework_metasploit": false,
"plugin_type": "local"
}
Updated 5 days ago