var-201909-0498
Vulnerability from variot
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0498", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asp.net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "2.1" }, { "model": "asp.net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "2.2" }, { "model": "asp.net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "3.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:asp.net_core", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ian Routledge (@ediblecode)", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-483" } ], "trust": 0.6 }, "cve": "CVE-2019-1302", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-1302", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-1302", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1302", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-1302", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-1302", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201909-483", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nMicrosoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user", "sources": [ { "db": "NVD", "id": "CVE-2019-1302" }, { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1302", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-009186", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-483", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "id": "VAR-201909-0498", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.19172932 }, "last_update_date": "2024-11-23T22:25:47.264000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1302" }, { "title": "CVE-2019-1302 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1302" }, { "title": "Microsoft ASP.NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98071" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1302" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1302" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1302" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190911-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2019/at190036.html" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1302" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-september-2019-30306" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "db": "CNNVD", "id": "CNNVD-201909-483" }, { "db": "NVD", "id": "CVE-2019-1302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "date": "2019-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-483" }, { "date": "2019-09-11T22:15:19.087000", "db": "NVD", "id": "CVE-2019-1302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009186" }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-483" }, { "date": "2024-11-21T04:36:26.117000", "db": "NVD", "id": "CVE-2019-1302" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASP.NET Core Vulnerability in which privileges are elevated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009186" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-483" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.