HackerOne

HackerOne supports scoring severities for reports using a CVSS 3.1 calculator. CVSS or the Common Vulnerability Scoring System is an industry standard calculator used to determine the severity of a vulnerability. The standard enables a common language around the severity of vulnerabilities. <a href="https://www.first.org/cvss/v3.1/specification-document" target="_blank" rel="nofollow noopener noreferrer">Learn more about CVSS 3.1</a>.

HackerOne’s implementation of CVSS 3.0 supports the custom environmental metric modifier: “none.” This is no longer supported in CVSS 3.1. When the CVSS 3.1 calculator is used for an asset with a “none” environmental metric modifier, it will be treated as “low” instead. <a href="https://docs.hackerone.com/en/articles/8495699-environmental-score">Learn more about environmental scores</a>.

The affected asset in the report may have a maximum severity. In this case, the calculator will automatically cap the score and severity rating. The presence of a maximum severity will be indicated in the severity calculator.

CVSS 3.1

HackerOne API

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Severity Caps