VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mvgu-pa7x-aaab

Essentials
Severities (98)
References (25)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-mvgu-pa7x-aaab
Aliases	CVE-2024-0057 GHSA-68w7-72jg-6qpp
Summary	dotnet: X509 Certificates - Validation Bypass across Azure
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0057.json
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00129	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.00147	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.01987	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02024	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02024	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02024	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02024	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02041	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02079	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02349	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02369	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02412	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02412	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02412	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02412	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.02412	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.08642	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
epss	0.31624	https://api.first.org/data/v1/epss?cve=CVE-2024-0057
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-68w7-72jg-6qpp
cvssv3.1	9.1	https://github.com/NuGet/NuGet.Client
generic_textual	CRITICAL	https://github.com/NuGet/NuGet.Client
cvssv3.1	9.1	https://github.com/NuGet/NuGet.Client/commit/3333f352ec47f0ebb489f20353dea7017f6cb00c
generic_textual	CRITICAL	https://github.com/NuGet/NuGet.Client/commit/3333f352ec47f0ebb489f20353dea7017f6cb00c
cvssv3.1	9.1	https://github.com/NuGet/NuGet.Client/commit/5e1ba955cca14328d2cb5723f211d5fbc9bcacb3
generic_textual	CRITICAL	https://github.com/NuGet/NuGet.Client/commit/5e1ba955cca14328d2cb5723f211d5fbc9bcacb3
cvssv3.1_qr	CRITICAL	https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-68w7-72jg-6qpp
cvssv3.1	9.1	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
generic_textual	CRITICAL	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-0057
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-0057
cvssv3.1	9.1	https://security.netapp.com/advisory/ntap-20240208-0007
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20240208-0007

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0057.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-0057
		https://github.com/NuGet/NuGet.Client
		https://github.com/NuGet/NuGet.Client/commit/3333f352ec47f0ebb489f20353dea7017f6cb00c
		https://github.com/NuGet/NuGet.Client/commit/5e1ba955cca14328d2cb5723f211d5fbc9bcacb3
		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
		https://security.netapp.com/advisory/ntap-20240208-0007
		https://security.netapp.com/advisory/ntap-20240208-0007/
2255386		https://bugzilla.redhat.com/show_bug.cgi?id=2255386
cpe:2.3:a:microsoft:.net::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net::::::::
cpe:2.3:a:microsoft:.net:8.0.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:8.0.0:-::::::
cpe:2.3:a:microsoft:powershell::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell::::::::
cpe:2.3:a:microsoft:powershell:7.4:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:7.4:-::::::
cpe:2.3:a:microsoft:visual_studio_2022::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022::::::::
CVE-2024-0057		https://nvd.nist.gov/vuln/detail/CVE-2024-0057
GHSA-68w7-72jg-6qpp		https://github.com/advisories/GHSA-68w7-72jg-6qpp
GHSA-68w7-72jg-6qpp		https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-68w7-72jg-6qpp
RHSA-2024:0150		https://access.redhat.com/errata/RHSA-2024:0150
RHSA-2024:0151		https://access.redhat.com/errata/RHSA-2024:0151
RHSA-2024:0152		https://access.redhat.com/errata/RHSA-2024:0152
RHSA-2024:0156		https://access.redhat.com/errata/RHSA-2024:0156
RHSA-2024:0157		https://access.redhat.com/errata/RHSA-2024:0157
RHSA-2024:0158		https://access.redhat.com/errata/RHSA-2024:0158
RHSA-2024:0255		https://access.redhat.com/errata/RHSA-2024:0255
USN-6578-1		https://usn.ubuntu.com/6578-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0057.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/NuGet/NuGet.Client

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/NuGet/NuGet.Client/commit/3333f352ec47f0ebb489f20353dea7017f6cb00c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/NuGet/NuGet.Client/commit/5e1ba955cca14328d2cb5723f211d5fbc9bcacb3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0057

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0057

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20240208-0007

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.46215
EPSS Score	0.00115
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-10T06:45:50.366093+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0057.json	34.0.0rc2