Описание
NuGet Client Elevation of Privilege Vulnerability
FAQ
Are any other products affected by this vulnerability?
Yes. See the following list of affected versions of NuGet.exe, NuGet.Commands, NuGet.CommandLine, and NuGet.Protocol. Customers using any of these affected versions please see <Link to NuGet advisory> for information about how to fix the vulnerability.
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.3.0 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.2.1 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.0.2 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.11.2 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.9.2 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.7.2 version or earlier
- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 4.9.5 version or earlier
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| .NET Core 3.1 | ||
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft Visual Studio 2022 version 17.0 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.3 | ||
| Visual Studio 2022 for Mac version 17.3 |
Показывать по
10
Возможность эксплуатации
Publicly Disclosed
No
Exploited
No
Latest Software Release
Exploitation Less Likely
Older Software Release
Exploitation Less Likely
DOS
N/A
EPSS
Процентиль: 95%
0.18296
Средний
7.8 High
CVSS3
EPSS
Процентиль: 95%
0.18296
Средний
7.8 High
CVSS3