CVE-2019-0976

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
microsoftnuget
5.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nuget
bookworm
2.8.7+md510+dhx1-1.1
fixed
bullseye
2.8.7+md510+dhx1-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nuget
disco
not-affected
cosmic
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
References
http://www.securityfocus.com/bid/108210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
http://www.securityfocus.com/bid/108210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976