086 – Missing subresource integrity check

Description

The application does not properly check the integrity of resources loaded from third-party servers.

Impact

Embed compromised resources from a third party server.

Recommendation

Add the integrity attribute to HTML script tags.

Threat

Unauthorized attacker from the Internet network.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: P
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 178 - Use digital signatures
• 262 - Verify third-party components
• 330 - Verify Subresource Integrity

Fixes

• Ruby

Last updated

2024/02/12