
CAPEC-691: Spoof Open-Source Software Metadata

Abstraction: Standard
Status: Stable
Likelihood: Medium
Severity: High

Description

Metadata: standard CAPEC pattern, status stable, likelihood medium, severity high. Underlying weakness: CWE-494. Mapped ATT&CK techniques: T1195.001, T1195.002. Related CAPEC patterns: CAPEC-690, CAPEC-184, CAPEC-444, CAPEC-630.

Related weaknesses · 1

CWE-494

MITRE ATT&CK crosswalk · 2

T1195.001: Supply Chain Compromise: Compromise Software Dependencies and Development Tools
T1195.002: Supply Chain Compromise: Compromise Software Supply Chain

Related attack patterns · 4

CAPEC-690 (ChildOf)
CAPEC-184 (CanPrecede)
CAPEC-444 (CanPrecede)
CAPEC-630 (PeerOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 100% | live

Related to · 2

Type | Target | Confidence | Tier
SubTechnique | Compromise Software Supply Chain (t1195.002) | 100% | live
SubTechnique | Compromise Software Dependencies and Development Tools (t1195.001) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Spoof Version Control System Commit Metadata
CAPEC: Metadata Spoofing
CAPEC: Install Malicious Extension
CAPEC: Server Side Request Forgery
CAPEC: Developer Signing Maliciously Altered Software
CAPEC: Malicious Logic Insertion into Product via Inclusion of Third-Party Component

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.