Context
We currently store severity_rating and severity_score for reports, but not the individual CVSS vector components that explain why it received that score.
Missing Fields
The HackerOne API returns these in attributes.severity:
- attack_vector (Network, Adjacent, Local, Physical)
- attack_complexity (Low, High)
- privileges_required (None, Low, High)
- user_interaction (None, Required)
- scope (Unchanged, Changed)
- confidentiality (None, Low, High)
- integrity (None, Low, High)
- availability (None, Low, High)
- cvss_vector_string — e.g. CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Changes Needed
- Add columns to Report model (or a separate report_severity table)
- Parse from attrs["severity"] dict in HackerOneAdapter.fetch_reports() and fetch_report_detail()
- Add fields to ReportData dataclass, ReportRead schema
- Expose in API response and frontend report detail view
Value
Lets users filter/sort by specific CVSS dimensions (e.g. "show me all reports where scope=Changed") and understand severity reasoning without opening H1.
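A sketch of the parsing step from Changes Needed, added here as an example and not taken from the project's code: it validates each component against the values listed above, decodes cvss_vector_string, backfills components the payload omits, and reports components that disagree with the vector. The names `BASE_METRICS`, `decode_vector`, `parse_severity` and `SAMPLE` are hypothetical, the sample payload is constructed, and value casing in the API response is assumed to possibly differ from the list above, so it is normalised.

```python
# Hypothetical helper names; not HackerOneAdapter's own code.
_NLH = {"N": "None", "L": "Low", "H": "High"}
# CVSS v3.x base metric abbreviation -> (field name, {vector letter: value})
BASE_METRICS = {
    "AV": ("attack_vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("attack_complexity", {"L": "Low", "H": "High"}),
    "PR": ("privileges_required", _NLH),
    "UI": ("user_interaction", {"N": "None", "R": "Required"}),
    "S": ("scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("confidentiality", _NLH),
    "I": ("integrity", _NLH),
    "A": ("availability", _NLH),
}

def decode_vector(vector):
    """Decode the base metrics of a CVSS:3.x vector into {field: value}."""
    prefix, *parts = vector.strip().split("/")
    if not prefix.startswith("CVSS:3."):
        raise ValueError(f"unsupported vector prefix: {prefix!r}")
    decoded = {}
    for part in parts:
        key, _, letter = part.partition(":")
        if key in BASE_METRICS:  # temporal/environmental metrics are skipped
            name, letters = BASE_METRICS[key]
            if letter not in letters:
                raise ValueError(f"bad value {letter!r} for {key}")
            decoded[name] = letters[letter]
    return decoded

def parse_severity(severity):
    """Return (fields, mismatches) for an attrs["severity"] dict (may be None)."""
    severity = severity or {}
    vector = severity.get("cvss_vector_string")
    fields = {"cvss_vector_string": vector}
    for name, letters in BASE_METRICS.values():
        raw = severity.get(name)
        value = None if raw is None else str(raw).strip().capitalize()
        if value is not None and value not in letters.values():
            raise ValueError(f"unexpected {name}: {raw!r}")
        fields[name] = value
    decoded = decode_vector(vector) if vector else {}
    # Components present in the payload that contradict the vector string.
    mismatches = sorted(n for n, v in decoded.items() if fields[n] not in (None, v))
    fields.update({n: v for n, v in decoded.items() if fields[n] is None})  # backfill
    return fields, mismatches

# Constructed sample: scope deliberately disagrees with the vector (S:C).
SAMPLE = {"attack_vector": "network", "scope": "Unchanged",
          "cvss_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"}
```

A non-empty mismatch list is worth logging at ingest, since a filter such as scope=Changed would otherwise return results that contradict the stored vector.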