{"containers": {"cna": {"affected": [{"product": "Microsoft Visual Studio 2019 version 16.5", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}, {"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}, {"product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "16.0"}]}, {"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T15:12:44.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Visual Studio 2019 version 16.5", "version": {"version_data": [{"version_value": ""}]}}, {"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": {"version_data": [{"version_value": ""}]}}, {"product_name": "Microsoft Visual Studio 2019", "version": {"version_data": [{"version_value": "16.0"}]}}, {"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:18:03.489Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0899", "datePublished": "2020-04-15T15:12:44.000Z", "dateReserved": "2019-11-04T00:00:00.000Z", "dateUpdated": "2024-08-04T06:18:03.489Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3886D126-9ADC-4AAF-8169-70F3DE3A7773", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", "matchCriteriaId": "E904F8BF-C415-43BC-89BD-8AD912BEA82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CCC238C-4305-433B-BC0F-8C537C4A963C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'."}, {"lang": "es", "value": "Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando el servicio actualizador de Microsoft Visual Studio maneja inapropiadamente los permisos de archivo, tambi\u00e9n se conoce como \"Microsoft Visual Studio Elevation of Privilege Vulnerability\"."}], "id": "CVE-2020-0899", "lastModified": "2024-11-21T04:54:25.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T15:15:14.403", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}