Details of VAR-202210-0635

ID

VAR-202210-0635

CVE

CVE-2022-41032

TITLE

plural Microsoft Elevated privilege vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2022-002496

DESCRIPTION

NuGet Client Elevation of Privilege Vulnerability. plural Microsoft The product has NuGet A privilege escalation vulnerability exists due to a flaw in the client.You may be elevated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:6914-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6914 Issue date: 2022-10-12 CVE Names: CVE-2022-41032 ==================================================================== 1. Summary: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30 . Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2132614 - CVE-2022-41032 dotnet: Nuget cache poisoning on Linux via world-writable cache directory 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-41032 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY01wLdzjgjWX9erEAQijOBAAk3qi59juLWrmQL5NwAFuU0YEdAxcs4N0 AllLrbzQqdQ1uD3il00D6elzQ3rPe0XdtbQ6QsPe5+xweF9lN0brki53z6EeWe8k 7+T8ymBM24WKaJYsqdlOyM3b0Xo6w9y5sc7tNr6GU/N8CpVb4s9v5H3dhyiJQL0F hceZzZp5ohRwccy435r9awjTxi1o1qs0Fm+oahEjOw43vWUJLEQq8bxm/Fjdxukc wowIu7DigVwHJuz04ps/h0ds9ScmBTxvSn2CsC/G3NYphWF6Z7vm9U9gHDQJUptM hFVVLnS+3EH23KJ/f3OTOPAghcGlbQNp1NDBgyyvEzWjDVcxtJ713ZfiDa6KN/Ge BDhNu0CEy5yIVTp+84BMuBbIZvtg83y2xpgitmjh+qT/GZ8gckKQcGzd0IRa6ByW sEPH6N1/eUsMeF6yhAlkE5Z4crCdNuhBsBWak1PTn4hTwOUyGjHMGavgYgopIQyi ymtG0J7R6uW0W0aBlqHP9B9PZ05fUwRI1BU6s84AEsWxouCxPQ+Ihd2191h400XP nDYyN1Amb7hPbYfQgMotaX9kFNlwm8k7wP77J0enuOIExb5sPn6Y9kMu9gvhMWhP UoNK5R8zb2xt3ONi8LErjThYePjna5/2E1q4ZnIGby0Ap36O1wGVZ/9SFywUhKQW 1U0w3pAxg/8=NP0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5670-1 October 11, 2022 dotnet6 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: .NET 6 could be made to execute arbitrary code. Software Description: - dotnet6: dotNET CLI tools and runtime Details: Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-host 6.0.110-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.110-0ubuntu1~22.04.1 dotnet6 6.0.110-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.100). (BZ#2134642)

Trust: 2.34

sources: NVD: CVE-2022-41032 // JVNDB: JVNDB-2022-002496 // PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 168697 // PACKETSTORM: 169743 // PACKETSTORM: 169901

AFFECTED PRODUCTS

vendor:	microsoft	model:	visual studio 2022	scope:	lt	version:	17.3.7	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	lt	version:	16.9.26	Trust: 1.0
vendor:	microsoft	model:	.net	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	lt	version:	17.0.15	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	gte	version:	16.10.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	gte	version:	17.2.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	lt	version:	17.3.6	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	gte	version:	17.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	lt	version:	17.2.9	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	lt	version:	16.11.20	Trust: 1.0
vendor:	microsoft	model:	.net core	scope:	eq	version:	3.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	gte	version:	17.3	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	37	Trust: 1.0
vendor:	マイクロソフト	model:	visual studio 2022 for mac	scope:	eq	version:	17.3	Trust: 0.8
vendor:	マイクロソフト	model:	.net	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // NVD: CVE-2022-41032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-41032
value:	HIGH
Trust: 1.0
secure@microsoft.com:	CVE-2022-41032
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-002496
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-541
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-41032
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-002496
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // CNNVD: CNNVD-202210-541 // NVD: CVE-2022-41032 // NVD: CVE-2022-41032

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // NVD: CVE-2022-41032

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 168697 // CNNVD: CNNVD-202210-541

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-541

PATCH

title:	NuGet Client Elevation of Privilege Vulnerability Security Update Guide	url:	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032	Trust: 0.8
title:	NuGet Client Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=210607	Trust: 0.6

sources: JVNDB: JVNDB-2022-002496 // CNNVD: CNNVD-202210-541

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41032	Trust: 4.0
db:	JVNDB	id:	JVNDB-2022-002496	Trust: 0.8
db:	PACKETSTORM	id:	168764	Trust: 0.7
db:	PACKETSTORM	id:	168697	Trust: 0.7
db:	PACKETSTORM	id:	169743	Trust: 0.7
db:	PACKETSTORM	id:	169901	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.5053	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5143	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-541	Trust: 0.6
db:	PACKETSTORM	id:	168763	Trust: 0.1
db:	PACKETSTORM	id:	168760	Trust: 0.1
db:	PACKETSTORM	id:	168761	Trust: 0.1
db:	PACKETSTORM	id:	168762	Trust: 0.1

sources: JVNDB: JVNDB-2022-002496 // PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 168697 // PACKETSTORM: 169743 // PACKETSTORM: 169901 // CNNVD: CNNVD-202210-541 // NVD: CVE-2022-41032

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-41032	Trust: 1.6
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41032	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2022-41032	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/	Trust: 1.0
url:	https://www.ipa.go.jp/security/ciadr/vul/20221012-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2022/at220028.html	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5053	Trust: 0.6
url:	https://packetstormsecurity.com/files/168764/red-hat-security-advisory-2022-6915-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/169743/red-hat-security-advisory-2022-7826-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/169901/red-hat-security-advisory-2022-8434-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5143	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-41032/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/microsoft-net-visual-studio-privilege-escalation-39522	Trust: 0.6
url:	https://packetstormsecurity.com/files/168697/ubuntu-security-notice-usn-5670-1.html	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41032	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2022:6915	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6914	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6913	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6911	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6912	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/dotnet6/6.0.110-0ubuntu1~22.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5670-1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7826	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:8434	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 169743 // PACKETSTORM: 169901

SOURCES

db:	JVNDB	id:	JVNDB-2022-002496
db:	PACKETSTORM	id:	168764
db:	PACKETSTORM	id:	168763
db:	PACKETSTORM	id:	168760
db:	PACKETSTORM	id:	168761
db:	PACKETSTORM	id:	168762
db:	PACKETSTORM	id:	168697
db:	PACKETSTORM	id:	169743
db:	PACKETSTORM	id:	169901
db:	CNNVD	id:	CNNVD-202210-541
db:	NVD	id:	CVE-2022-41032

LAST UPDATE DATE

2024-08-14T15:37:21.003000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-002496	date:	2022-10-17T03:16:00
db:	CNNVD	id:	CNNVD-202210-541	date:	2022-11-21T00:00:00
db:	NVD	id:	CVE-2022-41032	date:	2023-12-20T20:15:17.783

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-002496	date:	2022-10-17T00:00:00
db:	PACKETSTORM	id:	168764	date:	2022-10-18T14:31:26
db:	PACKETSTORM	id:	168763	date:	2022-10-18T14:31:15
db:	PACKETSTORM	id:	168760	date:	2022-10-18T14:30:44
db:	PACKETSTORM	id:	168761	date:	2022-10-18T14:30:58
db:	PACKETSTORM	id:	168762	date:	2022-10-18T14:31:05
db:	PACKETSTORM	id:	168697	date:	2022-10-12T13:23:16
db:	PACKETSTORM	id:	169743	date:	2022-11-08T13:44:15
db:	PACKETSTORM	id:	169901	date:	2022-11-16T16:10:23
db:	CNNVD	id:	CNNVD-202210-541	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-41032	date:	2022-10-11T19:15:20.483