{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://api-evangelist.github.io/red-hat-enterprise-linux-8/json-schema/red-hat-enterprise-linux-8-cve-schema.json",
  "title": "Red Hat RHEL CVE",
  "description": "Schema for a Common Vulnerability and Exposure (CVE) record from the Red Hat Security Data API.",
  "type": "object",
  "required": ["CVE", "severity"],
  "properties": {
    "CVE": {
      "type": "string",
      "description": "CVE identifier",
      "pattern": "^CVE-\\d{4}-\\d+$",
      "examples": ["CVE-2024-1234"]
    },
    "severity": {
      "type": "string",
      "enum": ["Critical", "Important", "Moderate", "Low"],
      "description": "Red Hat severity rating for this CVE"
    },
    "public_date": {
      "type": "string",
      "format": "date-time",
      "description": "Date the CVE was publicly disclosed"
    },
    "bugzilla": {
      "type": "string",
      "format": "uri",
      "description": "URL to the Red Hat Bugzilla entry for this CVE"
    },
    "bugzilla_description": {
      "type": "string",
      "description": "Description from the Bugzilla entry"
    },
    "cvss_score": {
      "type": "number",
      "minimum": 0,
      "maximum": 10,
      "description": "CVSS v2 score"
    },
    "cvss3_score": {
      "type": "number",
      "minimum": 0,
      "maximum": 10,
      "description": "CVSS v3 score"
    },
    "cwe": {
      "type": "string",
      "description": "Common Weakness Enumeration identifier",
      "pattern": "^CWE-\\d+$"
    },
    "details": {
      "type": "array",
      "description": "Detailed description of the vulnerability",
      "items": {
        "type": "string"
      }
    },
    "acknowledgement": {
      "type": "string",
      "description": "Credit to those who reported or discovered the vulnerability"
    },
    "affected_release": {
      "type": "array",
      "description": "List of Red Hat product releases affected by this CVE",
      "items": {
        "type": "object",
        "properties": {
          "product_name": {
            "type": "string",
            "description": "Affected product name"
          },
          "release_date": {
            "type": "string",
            "format": "date-time",
            "description": "Date the fix was released"
          },
          "advisory": {
            "type": "string",
            "description": "Associated Red Hat security advisory ID"
          },
          "package": {
            "type": "string",
            "description": "Fixed package name and version (NVR format)"
          },
          "cpe": {
            "type": "string",
            "description": "CPE identifier for the affected product"
          }
        }
      }
    }
  }
}