Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-C789-G3W9-XG6F
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2022-05-24 16:55
VLAI
Details
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2019-1142"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-11T22:15:00Z",
"severity": "LOW"
},
"details": "An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka \u0027.NET Framework Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-c789-g3w9-xg6f",
"modified": "2022-05-24T16:55:59Z",
"published": "2022-05-24T16:55:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1142"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2019-1142 (GCVE-0-2019-1142)
Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2024-08-04 18:06
VLAI
EPSS
Summary
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
Severity
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
32 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1903"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka \u0027.NET Framework Elevation of Privilege Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:24:57.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "1903"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka \u0027.NET Framework Elevation of Privilege Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1142",
"datePublished": "2019-09-11T21:24:57.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T18:06:31.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…