{"containers": {"cna": {"affected": [{"product": "ASP.NET Core", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "3.0"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-11T21:25:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-1302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "2.1"}, {"version_value": "2.2"}, {"version_value": "3.0"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:13:30.222Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1302", "datePublished": "2019-09-11T21:25:01", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T18:13:30.222Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "90F640B8-C1C6-4C88-B7F4-28DB05BB1F18", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4319AB8-5013-46B4-8E3C-6FDCFC65FC7E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando una aplicaci\u00f3n web de ASP.NET Core, creada usando plantillas de proyecto vulnerables, no puede sanear apropiadamente las peticiones web, tambi\u00e9n se conoce como \"ASP.NET Core Elevation Of Privilege Vulnerability\"."}], "id": "CVE-2019-1302", "lastModified": "2024-11-21T04:36:26.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-11T22:15:19.087", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}