CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 https://access.redhat.com/security/cve/CVE-2019-0757 https://bugzilla.redhat.com/show_bug.cgi?id=1685475 • CWE-732: Incorrect Permission Assignment for Critical Resource •