Lucene search

Veracode Vulnerability DatabaseVERACODE:20713

HistoryJul 08, 2019 - 12:41 p.m.

Insecure Access Controls

2019-07-0812:41:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

nuget package manager uses insecure access controls. An authenticated attacker is able to tamper and modify contents of the intermediate build folder (obj).

CPENameOperatorVersion
nuget.packagemanagementle5.0.1
nuget.packagemanagementle5.0.1

CPE	Name	Operator	Version
	nuget.packagemanagement	le	5.0.1
	nuget.packagemanagement	le	5.0.1

References

www.securityfocus.com/bid/108210

github.com/NuGet/Home/issues/7908

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:20713