From 003f98bdc6a735d6f97cf2878025290945579f81 Mon Sep 17 00:00:00 2001
From: Timmy
Date: Mon, 26 Jun 2023 11:27:40 +0200
Subject: [PATCH 1/5] Failure to invalidate session on permission change

Adding Failure to invalidate session on permission change as a new VRT entry.
---
 mappings/cvss_v3/cvss_v3.json | 4 ++++
 mappings/cwe/cwe.json | 6 ++++++
 mappings/remediation_advice/remediation_advice.json | 4 ++++
 vulnerability-rating-taxonomy.json | 6 ++++++
 4 files changed, 20 insertions(+)
diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index 66093cd..99ba9e5 100644
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -374,6 +374,10 @@
 "id": "on_logout",
 "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
 },
+ {
+ "id": "permission_change",
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+ },
 {
 "id": "on_logout_server_side_only",
 "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index 0095b8d..d990df4 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -210,7 +210,13 @@
 },
 {
 "id": "failure_to_invalidate_session",
+ "cwe": ["CWE-613"],
+ "children": [
+ {
+ "id": ["permission_change"],
 "cwe": ["CWE-613"]
+ }
+ ]
 },
 {
 "id": "concurrent_logins",
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index 978af0b..af14be5 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
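Review bot: The vector given to `permission_change` is a verbatim copy of the `on_logout` vector two lines above (`AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N`), and the two variants do not describe the same attacker. A session that survives a permission change is abused by a user whose rights were just reduced or revoked and who keeps acting under the old ones, so the privileges required and the confidentiality/integrity impact should be assessed for that scenario rather than inherited from the stale-after-logout case. If the copy is deliberate, a short note in the commit message saying why the two variants are scored identically would help the next reviewer of this mapping.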
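Review bot: The new child node declares its id as an array, `"id": ["permission_change"],`, while every other node visible in this hunk uses a plain string (`"id": "failure_to_invalidate_session",`, `"id": "concurrent_logins",`); any consumer that matches ids by string equality will never resolve this node, so the line should be `"id": "permission_change",`. The mapping itself is sound: CWE-613 (Insufficient Session Expiration) is the weakness behind a session that outlives a permission change, and the parent's own CWE-613 line is kept. Later patches in this series rewrite this block, so the string-id fix applies to whichever form is finally merged.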
@@ -703,6 +703,10 @@
 "https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#manual-session-expiration"
 ]
 },
+ {
+ "id": "permission_change",
+ "remediation_advice": "Review and update the necessary permissions, ensuring they align with the new requirements, and consider implementing a robust permission management system for better control and tracking.",
+ },
 {
 "id": "on_logout_server_side_only",
 "remediation_advice": "Properly invalidate the session on the server-side when the user logs out of their session.",
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index 2491dc3..7cd2312 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -759,6 +759,12 @@
 "type": "variant",
 "priority": 4
 },
+ {
+ "id": "permission_change",
+ "name": "On Permission Change",
+ "type": "variant",
+ "priority": null
+ },
 {
 "id": "on_logout_server_side_only",
 "name": "On Logout (Server-Side Only)",
From 3ee9c1702bf1a50c222b576b00bc592548c82ae9 Mon Sep 17 00:00:00 2001
From: Timmy
Date: Mon, 26 Jun 2023 11:36:07 +0200
Subject: [PATCH 2/5] Update cwe.json

---
 mappings/cwe/cwe.json | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index d990df4..e6e27e0 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -206,17 +206,16 @@
 },
 {
 "id": "session_fixation",
- "cwe": ["CWE-384"]
- },
- {
- "id": "failure_to_invalidate_session",
- "cwe": ["CWE-613"],
 "children": [
 {
- "id": ["permission_change"],
- "cwe": ["CWE-613"]
+ "id": "permission_change",
+ "cwe": ["CWE-384"]
 }
 ]
+ }
+ {
+ "id": "failure_to_invalidate_session",
+ "cwe": ["CWE-613"]
 },
 {
 "id": "concurrent_logins",
From 07ff7fe73ab0f00a4bc21f3ad8ccb5b20e7afd4d Mon Sep 17 00:00:00 2001
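Review bot: The advice added for `permission_change` does not address the weakness the variant names — "review and update the necessary permissions" is guidance on permission administration, whereas this node is a child of `failure_to_invalidate_session` and the defect is a session or token that keeps its previous authorization after the user's permissions change. A value that matches the sibling entries' style would be `"remediation_advice": "When a user's roles or permissions are changed, in particular reduced or revoked, invalidate or re-issue that user's existing sessions and access tokens, and make authorization decisions from the current server-side permission store rather than from values cached in the session or embedded in a long-lived token."`. The entry just above carries a `references` array pointing at the OWASP Session Management Cheat Sheet; the same reference fits here. The trailing comma after the `remediation_advice` line also leaves the file as invalid JSON, which patch 4 of the series then removes.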
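Review bot: The new variant is declared with `"priority": null` while its sibling in the context lines carries `"priority": 4` and the CVSS mapping in this same patch gives `permission_change` a fixed vector identical to that sibling's; a "varies" priority paired with a fixed CVSS score is inconsistent. Either set `"priority": 4` to agree with the mapped vector, or keep `null` and explain in the commit message why triage must decide this one per report — the description currently only says the entry is being added.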
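Review bot: `permission_change` is now placed under `session_fixation` with `"cwe": ["CWE-384"]`, which no longer mirrors the taxonomy: in the vulnerability-rating-taxonomy.json hunk of patch 1 the variant is a child of `failure_to_invalidate_session`, and a mapping file whose hierarchy disagrees with the taxonomy will not resolve the node. CWE-384 (Session Fixation) is also the wrong weakness for this variant — fixing a session identifier before login is unrelated to a session retaining stale privileges — so the entry should go back under `failure_to_invalidate_session` with `"cwe": ["CWE-613"]`, as the previous revision had it (with a string id). The `+ }` immediately followed by `+ {` with no comma between them additionally makes the file invalid JSON; patch 3 adds the comma.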
From: Timmy
Date: Mon, 26 Jun 2023 11:40:14 +0200
Subject: [PATCH 3/5] Update cwe.json

---
 mappings/cwe/cwe.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index e6e27e0..28bd5ee 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -212,7 +212,7 @@
 "cwe": ["CWE-384"]
 }
 ]
- }
+ },
 {
 "id": "failure_to_invalidate_session",
 "cwe": ["CWE-613"]
From 18e0103405f01e5ee2ed628328f617f990f4fcc2 Mon Sep 17 00:00:00 2001
From: Timmy
Date: Mon, 26 Jun 2023 11:44:06 +0200
Subject: [PATCH 4/5] Update remediation_advice.json

---
 mappings/remediation_advice/remediation_advice.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index af14be5..c957ed2 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
@@ -705,7 +705,7 @@
 },
 {
 "id": "permission_change",
- "remediation_advice": "Review and update the necessary permissions, ensuring they align with the new requirements, and consider implementing a robust permission management system for better control and tracking.",
+ "remediation_advice": "Review and update the necessary permissions, ensuring they align with the new requirements, and consider implementing a robust permission management system for better control and tracking."
 },
 {
 "id": "on_logout_server_side_only",
From 61c8a38ce368fee1fd2324bc1393be5e2e221efe Mon Sep 17 00:00:00 2001
From: Timmy
Date: Mon, 26 Jun 2023 11:46:07 +0200
Subject: [PATCH 5/5] Update cwe.json

---
 mappings/cwe/cwe.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index 28bd5ee..0095b8d 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -206,12 +206,7 @@
 },
 {
 "id": "session_fixation",
- "children": [
- {
- "id": "permission_change",
- "cwe": ["CWE-384"]
- }
- ]
+ "cwe": ["CWE-384"]
 },
 {
 "id": "failure_to_invalidate_session",
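Review bot: The post-image of this hunk is blob `0095b8d`, the same blob that patch 1's `index 0095b8d..d990df4` started from, so across the whole series `cwe.json` is unchanged and the newly added `permission_change` variant ends up with no CWE mapping while its parent `failure_to_invalidate_session` and the neighbouring nodes each have one. Unless the mapping loader inherits a parent's CWE for children that are not listed — I cannot confirm that from the diff — the node should be reinstated under `failure_to_invalidate_session` as `"children": [ { "id": "permission_change", "cwe": ["CWE-613"] } ]`, with a string id this time. A series that adds a taxonomy node should end with every mapping table agreeing with the taxonomy file, and the commit message for this revert ("Update cwe.json") should say that the mapping was dropped on purpose if that is the intent.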