Object
Issue
A potential security vulnerability that has been identified on one of your sites by a scan.
Fields
accepted_risk():
Boolean!
Indicates whether the issue has been marked as accepted risk.
change_history():
[IssueChangeHistory!]
Change history for this issue
confidence():
Confidence!
Indicates how confident Burp Scanner is that the identified issue is a genuine vulnerability. This
reflects the inherent reliability of the technique that was used to identify the issue.
description_html():
String
A description of this occurrence of the issue, including information about how it arose and how it
could potentially be exploited by an attacker.
display_confidence():
Confidence
Deprecated: Replaced by confidence/original confidence
The confidence that was manually set by a user. At the moment, this can only be used to mark an
issue as a false positive.
evidence():
[Evidence!]
A list of evidence that the scan found for the issue, such as the HTTP request and response that can be
exploited.
false_positive_note():
String
Deprecated: Replaced by change_history
Note submitted when the issue was marked as a false positive.
false_positive_timestamp():
Timestamp
Deprecated: Replaced by change_history
Timestamp when the issue was marked as a false positive.
false_positive_username():
String
Deprecated: Replaced by change_history
Name of the user who marked the issue as a false positive.
fingerprint():
String
A unique identifier for the issue that can be used to track it across scans.
generated_by_bcheck():
GeneratedByBCheck
The BCheck that generated the issue, if there is one.
generated_by_extension():
GeneratedByExtension
The extension that generated the issue, if there is one.
issue_type():
IssueType
The type of issue that was found by a scan, for example, an SQL injection vulnerability.
novelty():
Novelty
Indicates this issue's relationship to the results of the previous scan, for example, whether this is a new issue that was not identified by the previous scan.
origin():
String!
The host on which the issue was found.
original_confidence():
Confidence
The original confidence of the issue as reported by the scanner.
original_severity():
Severity!
The original severity of the issue as reported by the scanner.
path():
String!
The URL path at which the issue was found, excluding the query string.
remediation_html():
String
A brief overview of measures you can take to try and resolve this issue.
serial_number():
ID!
A unique identifier for the individual instance of the issue.
severity():
Severity!
Indicates how dangerous the identified issue is. The higher the severity level, the larger the impact
is likely to be if an attacker is able to exploit this vulnerability.
tickets():
[Ticket!]
A list of tickets that are linked to this issue. Note that this is only applicable if you have
configured the integration between Burp Suite Enterprise Edition and Jira using the REST API.
Example
Query
query getIssue ($scanId: ID!, $serialNumber: ID!) {
issue (scan_id: $scanId, serial_number: $serialNumber) {
issue_type
{
type_index,
name,
description_html,
remediation_html,
vulnerability_classifications_html,
references_html
},
display_confidence
serial_number
remediation_html
description_html
confidence
severity
path
origin
generated_by_extension {
name
}
evidence {
... on Request {
request_index
request_count
request_segments {
... on DataSegment {
data_html
}
... on HighlightSegment {
highlight_html
}
... on SnipSegment {
snip_length
}
}
}
... on Response {
response_index
response_count
response_segments {
... on DataSegment {
data_html
}
... on HighlightSegment {
highlight_html
}
... on SnipSegment {
snip_length
}
}
}
... on HttpInteraction {
title
description_html
request {
... on DataSegment {
data_html
}
... on HighlightSegment {
highlight_html
}
... on SnipSegment {
snip_length
}
}
response {
... on DataSegment {
data_html
}
... on HighlightSegment {
highlight_html
}
... on SnipSegment {
snip_length
}
}
}
... on DescriptiveEvidence {
title
description_html
}
}
}
}
Variables
{
"scanId": "2",
"serialNumber": "314276827364273645"
}
Result
{
"data": {
"issue": {
"issue_type": {
"type_index": null,
"name": null,
"description_html": null,
"remediation_html": null,
"vulnerability_classifications_html": null,
"references_html": null
},
"display_confidence": null,
"serial_number": null,
"remediation_html": null,
"description_html": null,
"confidence": null,
"severity": null,
"path": null,
"origin": null,
"generated_by_extension": null,
"evidence": [
{
"request_index": 0,
"request_count": 1,
"request_segments": [
{
"data_html": null
}
]
},
{
"response_index": 0,
"response_count": 1,
"response_segments": [
{
"data_html": null
},
{
"highlight_html": null
},
{
"data_html": null
}
]
}
]
}
}
}