CVE-2019-1079

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUM
EPSS
25.3%
top 3.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft Visual StudioMicrosoft Visual Studio
Timeline
PublishedJul 15
Latest updateMay 24

Description

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/visual_studio4 versions+3
CVEListV5microsoft/microsoft_visual_studio4 versions+3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9grw-p63q-8443: An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Informatio2022-05-24
CVEList
CVE-2019-1079: An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Informatio2019-07-15

📋Vendor Advisories

1
Microsoft
Visual Studio Information Disclosure Vulnerability2019-07-09
CVE-2019-1079 (MEDIUM CVSS 6.5) | An information disclosure vulnerabi | cvebase.io