CVE-2019-0757

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio; .net Core Sdk; Nuget; Mono Framework
Vendor: CVE Published:; 9 April 2019

Summary

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Affected Version(s)

.NET Core SDK 1.1 on .NET Core 1.0

.NET Core SDK 2.1.500 on .NET Core 2.1

.NET Core SDK 2.2.100 on .NET Core 2.2

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2019:1259

vendor-advisoryx_refsource_REDHAT

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Nov 26, 2018

Collectors

NVD DatabaseMitre Database