cvelistv5 - cve-2019-1425

cve-2019-1425

Vulnerability from cvelistv5

Published
2019-11-12 18:53
Modified
2024-08-04 18:20
Severity ?
Summary
An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.
References
▼	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425	Patch, Vendor Advisory
Impacted products
▼	Vendor	Product
	Microsoft	Microsoft Visual Studio 2017
	Microsoft	Microsoft Visual Studio 2019
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:26.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 15.9"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            },
            {
              "status": "affected",
              "version": "16.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka \u0027Visual Studio Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-12T18:53:08",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 15.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          },
                          {
                            "version_value": "16.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka \u0027Visual Studio Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1425",
    "datePublished": "2019-11-12T18:53:08",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:20:26.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1425\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-11-12T19:15:14.503\",\"lastModified\":\"2020-08-24T17:37:01.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka \u0027Visual Studio Elevation of Privilege Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando Visual Studio no es capaz de comprobar apropiadamente los enlaces f\u00edsicos mientras extrae los archivos registrados, tambi\u00e9n se conoce como \\\"Visual Studio Elevation of Privilege Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6290EF90-AB91-4990-8D44-4F64F49AE133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3886D126-9ADC-4AAF-8169-70F3DE3A7773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:16.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAFA5034-FD50-4DAB-B676-39FB188AC3EE\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2019-1425

Vulnerability from cvelistv5

ghsa-r2h3-mjxh-65r2

Vulnerability from github

gsd-2019-1425

Vulnerability from gsd

Tags
