CVE-2019-0976

CWE-732 — Incorrect Permission Assignment9 documents7 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 49.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Nuget

Timeline

PublishedMay 16

Latest updateMay 24

Description

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NuGetNuGet.Commands5.0.0 — 5.0.2

▶CVEListV5microsoft/nuget5.0.2

▶NVDmicrosoft/nuget5.0.2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

NuGet Package Manager Tampering Vulnerability↗2022-05-24

▶

OSV

NuGet Package Manager Tampering Vulnerability↗2022-05-24

▶

CVEList

CVE-2019-0976: A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the i↗2019-05-16

▶

📋Vendor Advisories

Microsoft

NuGet Package Manager Tampering Vulnerability↗2019-05-14

▶

Debian

CVE-2019-0976: nuget - A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac ...↗2019

▶

💬Community

Bugzilla

CVE-2019-0976 nuget: tampering vulnerabilityallows authenticated attacker to modify intermediate build folder [epel-7]↗2019-05-27

▶

Bugzilla

CVE-2019-0976 nuget: tampering vulnerabilityallows authenticated attacker to modify intermediate build folder↗2019-05-27

▶

Bugzilla

CVE-2019-0976 nuget: tampering vulnerabilityallows authenticated attacker to modify intermediate build folder [fedora-all]↗2019-05-27

▶