Vulnerability Details : CVE-2019-0976
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
Products affected by CVE-2019-0976
- cpe:2.3:a:microsoft:nuget:5.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0976
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-0976
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2019-0976
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
CVE-2019-0976 | NuGet Package Manager Tampering VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/108210
Microsoft NuGet Package Manager CVE-2019-0976 Tampering Security Bypass VulnerabilityBroken Link
Jump to