Lucene search

[email protected]NVD:CVE-2019-0976

HistoryMay 16, 2019 - 7:29 p.m.

CVE-2019-0976

2019-05-1619:29:04

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

9.8%

JSON

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default “obj”), aka ‘NuGet Package Manager Tampering Vulnerability’.

Affected configurations

Nvd

Node

microsoftnugetMatch5.0.2

AND

applemacosMatch-

linuxlinux_kernelMatch-

VendorProductVersionCPE
microsoftnuget5.0.2cpe:2.3:a:microsoft:nuget:5.0.2:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	nuget	5.0.2	cpe:2.3:a:microsoft:nuget:5.0.2:::::::*
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*