CVE-2019-0976

EUVD-2022-2188
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
microsoftnuget
5.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nuget
bookworm
2.8.7+md510+dhx1-1.1
fixed
bullseye
2.8.7+md510+dhx1-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nuget
bionic
not-affected
cosmic
ignored
disco
not-affected
trusty
dne
xenial
not-affected
References
http://www.securityfocus.com/bid/108210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
http://www.securityfocus.com/bid/108210
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976