CVE-2022-41032Use of Cache Containing Sensitive Information in Microsoft Visual Studio 2019 Version 16.11

CWE-524Use of Cache Containing Sensitive InformationCWE-269Improper Privilege Management7 documents7 sources
Severity
7.8HIGHCNA
No vector
EPSS
18.3%
top 4.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft Visual Studio 2019 Version 16.11Microsoft Visual Studio 2019 Version 16.9Microsoft Visual Studio 2022 Version 17.0+5 more
Timeline
PublishedOct 11

Description

NuGet Client Elevation of Privilege Vulnerability NuGet Client Elevation of Privilege Vulnerability

Affected Packages8 packages

CVEListV5microsoft/net_6.06.0.06.0.10
CVEListV5microsoft/net_core_3.13.13.1.30

🔴Vulnerability Details

3
OSV
NuGet Elevation of Privilege Vulnerability2022-10-11
CVEList
NuGet Client Elevation of Privilege Vulnerability2022-10-11
GHSA
NuGet Elevation of Privilege Vulnerability2022-10-11

📋Vendor Advisories

4
Microsoft
NuGet Client Elevation of Privilege Vulnerability2022-10-11
Ubuntu
.NET 6 vulnerability2022-10-11
Red Hat
dotnet: Nuget cache poisoning on Linux via world-writable cache directory2022-10-11
Debian
CVE-2022-41032: nuget - NuGet Client Elevation of Privilege Vulnerability2022
CVE-2022-41032 — Microsoft vulnerability | cvebase