Tenable Plugin Attributes

Detailed plugin information returned by the GET /plugins/plugin endpoint includes the following attributes:

AttributeTypeDescription
plugin_modification_datestringThe date when Tenable last updated the plugin.
plugin_versionstringThe version of the plugin.
exploited_by_malwarebooleanIndicates whether the vulnerability discovered by this plugin is known to be exploited by malware.
descriptionstringThe extended description of the plugin.
unsupported_by_vendorbooleanIndicates whether the software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3).
cvss_temporal_scorefloatThe raw CVSSv2 temporal metrics for the vulnerability.
patch_publication_datestringThe date when the vendor published a patch for the vulnerability.
see_alsoarrayLinks to external websites that contain helpful information about the vulnerability.
default_accountstringIndicates whether the plugin checks for default accounts requiring the use of credentials other than the credentials provided in the scan policy. For more information, see What are the plugins that test for default accounts? in the Tenable Community Portal.
exploit_availablebooleanIndicates whether a known public exploit exists for the vulnerability.
cvearrayA list of Common Vulnerabilities and Exposures (CVE) IDs for vulnerabilities associated with the plugin.
exploit_framework_canvasbooleanIndicates whether an exploit exists in the Immunity CANVAS framework.
cvss_base_scorefloatThe CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
solutionstringRemediation information for the vulnerability.
cvss_vectorobjectThe raw CVSSv2 metrics for the vulnerability. For more information, see CVSSv2 documentation.
exploit_framework_exploithubbooleanIndicates whether an exploit exists in the ExploitHub framework.
cpearrayA list of plugin target systems identified by Common Platform Enumeration (CPE).
plugin_publication_datestringThe date when Tenable originally published the plugin.
exploit_framework_corebooleanIndicates whether an exploit exists in the CORE Impact framework.
in_the_newsbooleanIndicates whether this plugin has received media attention (for example, ShellShock, Meltdown).
has_patchbooleanIndicates whether the vendor has published a patch for the vulnerability. This attribute is true if there is a published patch for the vulnerability (that is, the patch_publication_date attribute contains data) and false if there is no published patch or a patch is not relevant to remediating the vulnerability (that is, patch_publication_date does not contain data).
xrefarrayReferences to third-party information about the vulnerability, exploit, or update associated with the plugin presented as an array of strings. Each reference includes a type, for example, 'FEDORA', and an ID, for example, '2003-047'.
malwarebooleanIndicates whether the plugin targets potentially malicious files or processes.
exploit_framework_d2_elliotbooleanIndicates an exploit exists in the D2 Elliot Web Exploitation framework
xrefsarrayReferences to third-party information about the vulnerability, exploit, or update associated with the plugin presented as an array of objects. Each reference includes a type, for example, 'FEDORA', and an ID, for example, '2003-047'.
risk_factorstringThe risk factor associated with the plugin. Possible values are: Low (The vulnerability has a CVSS score between 0.1 and 3.9), Medium (The vulnerability has a CVSS score between 4.0 and 6.9), High (The vulnerability has a CVSS score between 7.0 and 9.9), or Critical (The vulnerability has a CVSS score of 10.0).
synopsisstringA brief summary of the vulnerability or vulnerabilities associated with the plugin.
cvss3_temporal_scorefloatThe CVSSv3 temporal metrics for the vulnerability.
exploited_by_nessusbooleanIndicates whether Nessus exploited the vulnerability during the process of identification.
cvss3_base_scorefloatThe CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
exploit_framework_metasploitbooleanIndicates whether an exploit exists in the Metasploit framework.
plugin_typestringPlugin type, for example, local, remote, or combined. For more information about plugin type, see Nessus Plugin Types and Categories in the Tenable Community Portal.
vprobjectInformation about the Vulnerability Priority Rating (VPR) for the plugin, including the VPR score, VPR drivers, and when Vulnerability Management last imported the VPR for this vulnerability. For more information, see Vulnerability Priority Rating.

📘

Note

Certain plugins can contain additional attributes not documented here.

Example

"attributes": {
  "plugin_modification_date": "2018-07-19T00:00:00Z",
  "plugin_version": "1.12",
  "exploited_by_malware": false,
  "description": "A cross-site scripting (XSS) vulnerability exists in the admin CGI script for Mailman before 2.1.4. This update moves Mailman to version 2.1.4 which is not vulnerable to this issue.\n\nUpdated packages were made available in February 2004 however the original update notification email did not make it to fedora-announce-list at that time.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.",
  "unsupported_by_vendor": false,
  "cvss_temporal_score": 0.0,
  "patch_publication_date": "2004-02-26T00:00:00Z",
  "see_also": ["http://www.nessus.org/u?564bb3fe"],
  "default_account": false,
  "exploit_available": false,
  "exploit_framework_canvas": false,
  "cvss_base_score": 0.0,
  "solution": "Update the affected mailman and / or mailman-debuginfo packages.",
  "exploit_framework_exploithub": false,
  "cpe": ["cpe:/o:fedoraproject:fedora_core:1", "p-cpe:/a:fedoraproject:fedora:mailman-debuginfo", "p-cpe:/a:fedoraproject:fedora:mailman"],
  "plugin_publication_date": "2004-07-23T00:00:00Z",
  "exploit_framework_core": false,
  "in_the_news": false,
  "has_patch": true,
  "xref": ["FEDORA:2004-060"],
  "malware": false,
  "exploit_framework_d2_elliot": false,
  "xrefs": [{
      "type": "FEDORA",
      "id": "2004-060"
    }
  ],
  "risk_factor": "High",
  "synopsis": "The remote Fedora Core host is missing a security update.",
  "cvss3_temporal_score": 0.0,
  "exploited_by_nessus": false,
  "cvss3_base_score": 0.0,
  "exploit_framework_metasploit": false,
  "plugin_type": "local"
}