/ DOCS
nav-img
Advanced

Creating a Vulnerability Scan Task

Function

This API is used to create a vulnerability scan task.

URI

POST /v5/{project_id}/vulnerability/scan-task

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID of the tenant

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token.

Table 4 Request body parameters

Parameter

Mandatory

Type

Description

manual_scan_type

No

Array of strings

Operation type. The options are as follows:

-linux_vul: Linux vulnerability

-windows_vul: Windows vulnerability

-web_cms: Web-CMS vulnerability

-app_vul: application vulnerability

-urgent_vul: emergency vulnerability

batch_flag

No

Boolean

Specifies whether the operation is performed in batches. If the value is true, all supported servers are scanned.

range_type

No

String

Range of servers to be scanned. The options are as follows:

-all_host: Scan all servers. You do not need to set agent_id_list for this type.

-specific_host:

agent_id_list

No

Array of strings

Server list

urgent_vul_id_list

No

Array of strings

Scan all ID list of emergency vulnerabilities. If this parameter is left blank, all emergency vulnerabilities are scanned.

Its value can be:

URGENT-CVE-2023-46604 Apache ActiveMQ Remote Code Execution Vulnerability

URGENT-HSSVD-2020-1109 Elasticsearch Unauthorized Access Vulnerability

URGENT-CVE-2022-26134 Atlassian Confluence OGNL Remote Code Execution Vulnerability (Cve-2022-26134)

URGENT-CVE-2023-22515 Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability (CVE-2023-22515)

URGENT-CVE-2023-22518 Atlassian Confluence Data Center & Server Inappropriate Authorization Mechanism Vulnerability (CVE-2023-22518)

URGENT-CVE-2023-28432 MinIO Information Disclosure Vulnerability (CVE-2023-28432)

URGENT-CVE-2023-37582 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-37582)

URGENT-CVE-2023-33246 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246)

URGENT-CNVD-2023-02709 ZENTAO Project Management System Remote Command Execution Vulnerability (CNVD-2023-02709)

URGENT-CVE-2022-36804 Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)

URGENT-CVE-2022-22965 Spring Framework JDK >= 9 Remote Code Execution Vulnerability

URGENT-CVE-2022-25845 fastjson <1.2.83 Remote Code Execution Vulnerability

URGENT-CVE-2019-14439 Jackson-databind Remote Command Execution Vulnerability (CVE-2019-14439)

URGENT-CVE-2020-13933 Apache Shiro Authentication Bypass Vulnerability (CVE-2020-13933)

URGENT-CVE-2020-26217 XStream < 1.4.14 Remote Code Execution Vulnerability (CVE-2020-26217)

URGENT-CVE-2021-4034 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)

URGENT-CVE-2021-44228 Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

URGENT-CVE-2022-0847 Dirty Pipe - Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847)

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

task_id

String

Detection task ID

Example Requests

Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.

POST https://{endpoint}/v5/{project_id}/vulnerability/scan-task?enterprise_project_id=XXX


{
  "manual_scan_type" : "urgent_vul",
  "batch_flag" : false,
  "range_type" : "specific_host",
  "agent_id_list" : [ "0253edfd-30e7-439d-8f3f-17c54c997064" ],
  "urgent_vul_id_list" : [ "URGENT-CVE-2023-46604", "URGENT-HSSVD-2020-1109", "URGENT-CVE-2022-26134", "URGENT-CVE-2023-22515", "URGENT-CVE-2023-22518", "URGENT-CVE-2023-28432", "URGENT-CVE-2023-37582", "URGENT-CVE-2023-33246", "URGENT-CNVD-2023-02709", "URGENT-CVE-2022-36804", "URGENT-CVE-2022-22965", "URGENT-CVE-2022-25845", "URGENT-CVE-2019-14439", "URGENT-CVE-2020-13933", "URGENT-CVE-2020-26217", "URGENT-CVE-2021-4034", "URGENT-CVE-2021-44228", "URGENT-CVE-2022-0847" ]
}

Example Responses

Status code: 200

Request succeeded.

{
  "task_id" : "d8a12cf7-6a43-4cd6-92b4-aabf1e917"
}

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

Parent topic: Vulnerability Management
Предыдущая статья
Querying Vulnerability Information About a Server
Следующая статья
Querying a Vulnerability Scan Policy
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru