High severityNVD Advisory· Published Oct 11, 2022· Updated Feb 28, 2025
NuGet Client Elevation of Privilege Vulnerability
CVE-2022-41032
Description
NuGet Client Elevation of Privilege Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
NuGet.CommandsNuGet | >= 4.6.0, < 4.9.6 | 4.9.6 |
NuGet.CommandsNuGet | >= 5.0.0, < 5.7.3 | 5.7.3 |
NuGet.CommandsNuGet | >= 5.8.0, < 5.9.3 | 5.9.3 |
NuGet.CommandsNuGet | >= 5.10.0, < 5.11.3 | 5.11.3 |
NuGet.CommandsNuGet | >= 6.0.0, < 6.0.3 | 6.0.3 |
NuGet.CommandsNuGet | >= 6.1.0, < 6.2.2 | 6.2.2 |
NuGet.CommandsNuGet | >= 6.3.0, < 6.3.1 | 6.3.1 |
NuGet.CommandLineNuGet | >= 4.6.0, < 4.9.6 | 4.9.6 |
NuGet.CommandLineNuGet | >= 5.0.0, < 5.7.3 | 5.7.3 |
NuGet.CommandLineNuGet | >= 5.8.0, < 5.9.3 | 5.9.3 |
NuGet.CommandLineNuGet | >= 5.10.0, < 5.11.3 | 5.11.3 |
NuGet.CommandLineNuGet | >= 6.0.0, < 6.0.3 | 6.0.3 |
NuGet.CommandLineNuGet | >= 6.1.0, < 6.2.2 | 6.2.2 |
NuGet.CommandLineNuGet | >= 6.3.0, < 6.3.1 | 6.3.1 |
NuGet.ProtocolNuGet | >= 4.6.0, < 4.9.6 | 4.9.6 |
NuGet.ProtocolNuGet | >= 5.0.0, < 5.7.3 | 5.7.3 |
NuGet.ProtocolNuGet | >= 5.8.0, < 5.9.3 | 5.9.3 |
NuGet.ProtocolNuGet | >= 5.10.0, < 5.11.3 | 5.11.3 |
NuGet.ProtocolNuGet | >= 6.0.0, < 6.0.3 | 6.0.3 |
NuGet.ProtocolNuGet | >= 6.1.0, < 6.2.2 | 6.2.2 |
NuGet.ProtocolNuGet | >= 6.3.0, < 6.3.1 | 6.3.1 |
Affected products
43- osv-coords35 versionspkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:nuget/nuget.commandlinepkg:nuget/nuget.commandspkg:nuget/nuget.protocolpkg:rpm/almalinux/aspnetcore-runtime-3.1pkg:rpm/almalinux/aspnetcore-runtime-6.0pkg:rpm/almalinux/aspnetcore-runtime-7.0pkg:rpm/almalinux/aspnetcore-targeting-pack-3.1pkg:rpm/almalinux/aspnetcore-targeting-pack-6.0pkg:rpm/almalinux/aspnetcore-targeting-pack-7.0pkg:rpm/almalinux/dotnetpkg:rpm/almalinux/dotnet-apphost-pack-3.1pkg:rpm/almalinux/dotnet-apphost-pack-6.0pkg:rpm/almalinux/dotnet-apphost-pack-7.0pkg:rpm/almalinux/dotnet-hostpkg:rpm/almalinux/dotnet-hostfxr-3.1pkg:rpm/almalinux/dotnet-hostfxr-6.0pkg:rpm/almalinux/dotnet-hostfxr-7.0pkg:rpm/almalinux/dotnet-runtime-3.1pkg:rpm/almalinux/dotnet-runtime-6.0pkg:rpm/almalinux/dotnet-runtime-7.0pkg:rpm/almalinux/dotnet-sdk-3.1pkg:rpm/almalinux/dotnet-sdk-3.1-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-6.0pkg:rpm/almalinux/dotnet-sdk-6.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-7.0pkg:rpm/almalinux/dotnet-sdk-7.0-source-built-artifactspkg:rpm/almalinux/dotnet-targeting-pack-3.1pkg:rpm/almalinux/dotnet-targeting-pack-6.0pkg:rpm/almalinux/dotnet-targeting-pack-7.0pkg:rpm/almalinux/dotnet-templates-3.1pkg:rpm/almalinux/dotnet-templates-6.0pkg:rpm/almalinux/dotnet-templates-7.0pkg:rpm/almalinux/netstandard-targeting-pack-2.1
>= 6.0.0, < 6.0.1+ 34 more
- (no CPE)range: >= 6.0.0, < 6.0.1
- (no CPE)range: >= 6.0.0, < 6.0.1
- (no CPE)range: >= 4.6.0, < 4.9.6
- (no CPE)range: >= 4.6.0, < 4.9.6
- (no CPE)range: >= 4.6.0, < 4.9.6
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 6.0.110-1.el8_6
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 3.1.424-1.el8_6
- (no CPE)range: < 3.1.424-1.el8_6
- (no CPE)range: < 6.0.110-1.el8_6
- (no CPE)range: < 6.0.110-1.el8_6
- (no CPE)range: < 7.0.100-0.4.rc2.el8_7
- (no CPE)range: < 7.0.100-0.4.rc2.el8_7
- (no CPE)range: < 3.1.30-1.el8_6
- (no CPE)range: < 6.0.10-1.el8_6
- (no CPE)range: < 7.0.0-0.4.rc2.el8_7
- (no CPE)range: < 3.1.424-1.el8_6
- (no CPE)range: < 6.0.110-1.el8_6
- (no CPE)range: < 7.0.100-0.4.rc2.el8_7
- (no CPE)range: < 6.0.110-1.el8_6
- Microsoft/Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)v5Range: 16.11.0
- Microsoft/Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)v5Range: 15.0.0
- Microsoft/Microsoft Visual Studio 2022 version 17.0v5Range: 17.0.0
- Microsoft/Microsoft Visual Studio 2022 version 17.2v5Range: 17.2.0
- Microsoft/Microsoft Visual Studio 2022 version 17.3v5Range: 17.0.0
- Microsoft/.NET 6.0v5Range: 6.0.0
- Microsoft/.NET Core 3.1v5Range: 3.1
- Microsoft/Visual Studio 2022 for Mac version 17.3v5Range: 17.3
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-g3q9-xf95-8hp5ghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-41032ghsaADVISORY
- github.com/NuGet/Announcements/issues/65ghsaWEB
- github.com/NuGet/NuGet.Client/commit/6392863cf83f4870e18f1d02f2463cca633e59edghsaWEB
- github.com/NuGet/NuGet.Client/security/advisories/GHSA-g3q9-xf95-8hp5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWMghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWMghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3ghsaWEB
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032ghsaWEB
- www.edwardthomson.com/blog/my-first-cve.htmlghsaWEB
News mentions
0No linked articles in our index yet.