CVE-2019-0757

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
microsoftvisual_studio_2017
-
microsoftnuget
4.3.1
microsoftnuget
4.4.2
microsoftnuget
4.5.2
microsoftnuget
4.6.3
microsoftnuget
4.7.2
microsoftnuget
4.8.2
microsoftnuget
4.9.4
mono-projectmono_framework
5.18.0.223
mono-projectmono_framework
5.20.0
microsoft.net_core_sdk
1.1
microsoft.net_core_sdk
2.1.500
microsoft.net_core_sdk
2.2.100
redhatenterprise_linux
8.0
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_tus
8.2
redhatenterprise_linux_server_tus
8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nuget
bookworm
2.8.7+md510+dhx1-1.1
fixed
bullseye
2.8.7+md510+dhx1-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nuget
disco
not-affected
cosmic
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
References
https://access.redhat.com/errata/RHSA-2019:1259
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
https://access.redhat.com/errata/RHSA-2019:1259
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757