Hellow there, im working on VbD features, but i’ve noticed that same vulnerability can be in multiple folders with different codes, for example: I’ve seen CSRF features with different folder name codes (CWE-0079, CWE-0352, CWE-0319, CWE-200) despite is the same vulnerability.
So i decided to look into the VbD Structure guide rules and VbD Submission guide but it is not specified.
My question is: Once I found a vulnerability, if it fits in multiple CWE codes, How to choose the folder name one?