Nuget
CVE-2023-29337
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
NuGet Client Remote Code Execution Vulnerability
AnalysisAI
NuGet Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified under CWE-367. Affected products include: Microsoft Nuget.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rat
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in th
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attack
.NET Framework Information Disclosure Vulnerability. Rated medium severity (CVSS 5.8).
.NET and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attack
Share
External POC / Exploit Code
Leaving vuln.today