CVE-2019-0757

Published: Apr 9, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Affected (21)

Products: Microsoft: Visual Studio 2017, Nuget, .net Core Sdk · Mono Project: Mono Framework · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

3 products

1 product

4 products

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Visual Studio 2017	All versions

Running on/with	Platform Versions
Apple Macos	All versions

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Nuget	Version 4.3.1
Microsoft Nuget	Version 4.4.2
Microsoft Nuget	Version 4.5.2
Microsoft Nuget	Version 4.6.3
Microsoft Nuget	Version 4.7.2
Microsoft Nuget	Version 4.8.2
Microsoft Nuget	Version 4.9.4

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Mono Project Mono Framework	Version 5.18.0.223
Mono Project Mono Framework	Version 5.20.0

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft .net Core Sdk	Version 1.1

Running on/with	Platform Versions
Microsoft .net Core	Version 1.0
Microsoft .net Core	Version 1.1

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft .net Core Sdk	Version 2.1.500

Running on/with	Platform Versions
Microsoft .net Core	Version 2.1

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft .net Core Sdk	Version 2.2.100

Running on/with	Platform Versions
Microsoft .net Core	Version 2.2

Configuration G

8 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4

References (4)

https://access.redhat.com/errata/RHSA-2019:1259

Source: secure@microsoft.com

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757

Source: secure@microsoft.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2019:1259

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.