← Back

CVE-2022-41032

nvd nist
Published: Oct 11, 2022Modified: Feb 28, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

NuGet Client Elevation of Privilege Vulnerability

Affected (11)

Microsoft
4 products
.net
.net Core
Visual Studio 2019
Visual Studio 2022
Fedoraproject
1 product
Fedora
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
.net
Version 6.0.0
.net Core
Version 3.1
Microsoft
Visual Studio 2019
From 16.0.0 to 16.9.26
Visual Studio 2019
From 16.10.0 to 16.11.20
Microsoft
Visual Studio 2022
From 17.0 to 17.0.15
Visual Studio 2022
From 17.2.0 to 17.2.9
Visual Studio 2022
From 17.3 to 17.3.6
Visual Studio 2022
From 17.3 to 17.3.7
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 35
Fedora
Version 36
Fedora
Version 37

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (5)

Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.