CVE-2019-0757medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
Details
Source: MITRE
Published: 2019-04-09
Updated: 2021-09-08
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
AND
OR
OR
Configuration 2
OR
cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*
Configuration 4
AND
OR
OR
Configuration 5
AND
OR
OR
Configuration 6
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145596 | CentOS 8 : dotnet (CESA-2019:1259) | Nessus | CentOS Local Security Checks | medium |
| 127585 | Oracle Linux 8 : dotnet (ELSA-2019-1259) | Nessus | Oracle Linux Local Security Checks | medium |
| 125347 | RHEL 8 : dotnet (RHSA-2019:1259) | Nessus | Red Hat Local Security Checks | medium |
| 122886 | RHEL 7 : dotNET (RHSA-2019:0544) | Nessus | Red Hat Local Security Checks | medium |
| 122778 | Security Update for .NET Core SDK (March 2019) | Nessus | Windows | medium |