7.5
CVE-2019-1351
- EPSS 8.72%
- Veröffentlicht 24.01.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 04:36:32
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.18
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.72% | 0.945 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-706 Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
https://security.gentoo.org/glsa/202003-30
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351