CVE-2022-41032

HIGH

NuGet Client - Privilege Escalation

Title source: llm

Description

NuGet Client Elevation of Privilege Vulnerability

Exploits (1)

nomisec STUB 1 stars

by ethomson · poc

https://github.com/ethomson/cve-2022-41032

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032

Scores

CVSS v3 7.8

EPSS 0.1830

EPSS Percentile 95.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (12)

fedoraproject/fedora 35

fedoraproject/fedora 36

fedoraproject/fedora 37

microsoft/.net 6.0.0

microsoft/.net_core 3.1

microsoft/visual_studio_2019 16.0.0 - 16.9.26

microsoft/visual_studio_2022 17.0 - 17.0.15

microsoft/visual_studio_2022 17.3 - 17.3.6

microsoft/visual_studio_2022 17.3 - 17.3.7

nuget/NuGet.CommandLine 4.6.0 - 4.9.6NuGet

... and 2 more

Published Oct 11, 2022

Tracked Since Feb 18, 2026