CVE-2022-41032 Common Vulnerabilities and Exposures

Upstream information

CVE-2022-41032 at MITRE

Description

NuGet Client Elevation of Privilege Vulnerability

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
	National Vulnerability Database
Base Score	7.8
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Local
Attack Complexity	Low
Privileges Required	Low
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1204224 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 8	`aspnetcore-runtime-3.1 >= 3.1.30-1.el8_6` `aspnetcore-runtime-6.0 >= 6.0.10-1.el8_6` `aspnetcore-runtime-7.0 >= 7.0.0-0.4.rc2.el8_7` `aspnetcore-targeting-pack-3.1 >= 3.1.30-1.el8_6` `aspnetcore-targeting-pack-6.0 >= 6.0.10-1.el8_6` `aspnetcore-targeting-pack-7.0 >= 7.0.0-0.4.rc2.el8_7` `dotnet >= 7.0.100-0.4.rc2.el8_7` `dotnet-apphost-pack-3.1 >= 3.1.30-1.el8_6` `dotnet-apphost-pack-6.0 >= 6.0.10-1.el8_6` `dotnet-apphost-pack-7.0 >= 7.0.0-0.4.rc2.el8_7` `dotnet-host >= 7.0.0-0.4.rc2.el8_7` `dotnet-hostfxr-3.1 >= 3.1.30-1.el8_6` `dotnet-hostfxr-6.0 >= 6.0.10-1.el8_6` `dotnet-hostfxr-7.0 >= 7.0.0-0.4.rc2.el8_7` `dotnet-runtime-3.1 >= 3.1.30-1.el8_6` `dotnet-runtime-6.0 >= 6.0.10-1.el8_6` `dotnet-runtime-7.0 >= 7.0.0-0.4.rc2.el8_7` `dotnet-sdk-3.1 >= 3.1.424-1.el8_6` `dotnet-sdk-3.1-source-built-artifacts >= 3.1.424-1.el8_6` `dotnet-sdk-6.0 >= 6.0.110-1.el8_6` `dotnet-sdk-6.0-source-built-artifacts >= 6.0.110-1.el8_6` `dotnet-sdk-7.0 >= 7.0.100-0.4.rc2.el8_7` `dotnet-sdk-7.0-source-built-artifacts >= 7.0.100-0.4.rc2.el8_7` `dotnet-targeting-pack-3.1 >= 3.1.30-1.el8_6` `dotnet-targeting-pack-6.0 >= 6.0.10-1.el8_6` `dotnet-targeting-pack-7.0 >= 7.0.0-0.4.rc2.el8_7` `dotnet-templates-3.1 >= 3.1.424-1.el8_6` `dotnet-templates-6.0 >= 6.0.110-1.el8_6` `dotnet-templates-7.0 >= 7.0.100-0.4.rc2.el8_7` `netstandard-targeting-pack-2.1 >= 7.0.100-0.4.rc2.el8_7`	Patchnames: RHSA-2022:6911 RHSA-2022:6912 RHSA-2022:7826
SUSE Liberty Linux 9	`aspnetcore-runtime-6.0 >= 6.0.10-1.el9_0` `aspnetcore-runtime-7.0 >= 7.0.0-0.5.rc2.el9_1` `aspnetcore-targeting-pack-6.0 >= 6.0.10-1.el9_0` `aspnetcore-targeting-pack-7.0 >= 7.0.0-0.5.rc2.el9_1` `dotnet-apphost-pack-6.0 >= 6.0.10-1.el9_0` `dotnet-apphost-pack-7.0 >= 7.0.0-0.5.rc2.el9_1` `dotnet-host >= 7.0.0-0.5.rc2.el9_1` `dotnet-hostfxr-6.0 >= 6.0.10-1.el9_0` `dotnet-hostfxr-7.0 >= 7.0.0-0.5.rc2.el9_1` `dotnet-runtime-6.0 >= 6.0.10-1.el9_0` `dotnet-runtime-7.0 >= 7.0.0-0.5.rc2.el9_1` `dotnet-sdk-6.0 >= 6.0.110-1.el9_0` `dotnet-sdk-6.0-source-built-artifacts >= 6.0.110-1.el9_0` `dotnet-sdk-7.0 >= 7.0.100-0.5.rc2.el9_1` `dotnet-sdk-7.0-source-built-artifacts >= 7.0.100-0.5.rc2.el9_1` `dotnet-targeting-pack-6.0 >= 6.0.10-1.el9_0` `dotnet-targeting-pack-7.0 >= 7.0.0-0.5.rc2.el9_1` `dotnet-templates-6.0 >= 6.0.110-1.el9_0` `dotnet-templates-7.0 >= 7.0.100-0.5.rc2.el9_1` `netstandard-targeting-pack-2.1 >= 7.0.100-0.5.rc2.el9_1`	Patchnames: RHSA-2022:6913 RHSA-2022:8434

SUSE Timeline for this CVE

CVE page created: Tue Oct 11 20:00:21 2022
CVE page last modified: Thu Dec 21 00:35:03 2023