ID

VAR-202210-0635


CVE

CVE-2022-41032


TITLE

plural  Microsoft  Elevated privilege vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2022-002496

DESCRIPTION

NuGet Client Elevation of Privilege Vulnerability. plural Microsoft The product has NuGet A privilege escalation vulnerability exists due to a flaw in the client.You may be elevated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:6914-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6914 Issue date: 2022-10-12 CVE Names: CVE-2022-41032 ==================================================================== 1. Summary: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30 . Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2132614 - CVE-2022-41032 dotnet: Nuget cache poisoning on Linux via world-writable cache directory 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-41032 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY01wLdzjgjWX9erEAQijOBAAk3qi59juLWrmQL5NwAFuU0YEdAxcs4N0 AllLrbzQqdQ1uD3il00D6elzQ3rPe0XdtbQ6QsPe5+xweF9lN0brki53z6EeWe8k 7+T8ymBM24WKaJYsqdlOyM3b0Xo6w9y5sc7tNr6GU/N8CpVb4s9v5H3dhyiJQL0F hceZzZp5ohRwccy435r9awjTxi1o1qs0Fm+oahEjOw43vWUJLEQq8bxm/Fjdxukc wowIu7DigVwHJuz04ps/h0ds9ScmBTxvSn2CsC/G3NYphWF6Z7vm9U9gHDQJUptM hFVVLnS+3EH23KJ/f3OTOPAghcGlbQNp1NDBgyyvEzWjDVcxtJ713ZfiDa6KN/Ge BDhNu0CEy5yIVTp+84BMuBbIZvtg83y2xpgitmjh+qT/GZ8gckKQcGzd0IRa6ByW sEPH6N1/eUsMeF6yhAlkE5Z4crCdNuhBsBWak1PTn4hTwOUyGjHMGavgYgopIQyi ymtG0J7R6uW0W0aBlqHP9B9PZ05fUwRI1BU6s84AEsWxouCxPQ+Ihd2191h400XP nDYyN1Amb7hPbYfQgMotaX9kFNlwm8k7wP77J0enuOIExb5sPn6Y9kMu9gvhMWhP UoNK5R8zb2xt3ONi8LErjThYePjna5/2E1q4ZnIGby0Ap36O1wGVZ/9SFywUhKQW 1U0w3pAxg/8=NP0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5670-1 October 11, 2022 dotnet6 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: .NET 6 could be made to execute arbitrary code. Software Description: - dotnet6: dotNET CLI tools and runtime Details: Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-host 6.0.110-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.110-0ubuntu1~22.04.1 dotnet6 6.0.110-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.100). (BZ#2134642)

Trust: 2.34

sources: NVD: CVE-2022-41032 // JVNDB: JVNDB-2022-002496 // PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 168697 // PACKETSTORM: 169743 // PACKETSTORM: 169901

AFFECTED PRODUCTS

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.3.7

Trust: 1.0

vendor:microsoftmodel:visual studio 2019scope:ltversion:16.9.26

Trust: 1.0

vendor:microsoftmodel:.netscope:eqversion:6.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.0.15

Trust: 1.0

vendor:microsoftmodel:visual studio 2019scope:gteversion:16.10.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.2.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.3.6

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.2.9

Trust: 1.0

vendor:microsoftmodel:visual studio 2019scope:ltversion:16.11.20

Trust: 1.0

vendor:microsoftmodel:.net corescope:eqversion:3.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.3

Trust: 1.0

vendor:microsoftmodel:visual studio 2019scope:gteversion:16.0.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:37

Trust: 1.0

vendor:マイクロソフトmodel:visual studio 2022 for macscope:eqversion:17.3

Trust: 0.8

vendor:マイクロソフトmodel:.netscope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // NVD: CVE-2022-41032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41032
value: HIGH

Trust: 1.0

secure@microsoft.com: CVE-2022-41032
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-002496
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-541
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-41032
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-002496
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // CNNVD: CNNVD-202210-541 // NVD: CVE-2022-41032 // NVD: CVE-2022-41032

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002496 // NVD: CVE-2022-41032

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 168697 // CNNVD: CNNVD-202210-541

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-541

PATCH

title:NuGet Client Elevation of Privilege Vulnerability Security Update Guideurl:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032

Trust: 0.8

title:NuGet Client Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210607

Trust: 0.6

sources: JVNDB: JVNDB-2022-002496 // CNNVD: CNNVD-202210-541

EXTERNAL IDS

db:NVDid:CVE-2022-41032

Trust: 4.0

db:JVNDBid:JVNDB-2022-002496

Trust: 0.8

db:PACKETSTORMid:168764

Trust: 0.7

db:PACKETSTORMid:168697

Trust: 0.7

db:PACKETSTORMid:169743

Trust: 0.7

db:PACKETSTORMid:169901

Trust: 0.7

db:AUSCERTid:ESB-2022.5053

Trust: 0.6

db:AUSCERTid:ESB-2022.5143

Trust: 0.6

db:CNNVDid:CNNVD-202210-541

Trust: 0.6

db:PACKETSTORMid:168763

Trust: 0.1

db:PACKETSTORMid:168760

Trust: 0.1

db:PACKETSTORMid:168761

Trust: 0.1

db:PACKETSTORMid:168762

Trust: 0.1

sources: JVNDB: JVNDB-2022-002496 // PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 168697 // PACKETSTORM: 169743 // PACKETSTORM: 169901 // CNNVD: CNNVD-202210-541 // NVD: CVE-2022-41032

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-41032

Trust: 1.6

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41032

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2022-41032

Trust: 1.3

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/

Trust: 1.0

url:https://www.ipa.go.jp/security/ciadr/vul/20221012-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2022/at220028.html

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5053

Trust: 0.6

url:https://packetstormsecurity.com/files/168764/red-hat-security-advisory-2022-6915-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169743/red-hat-security-advisory-2022-7826-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169901/red-hat-security-advisory-2022-8434-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5143

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-41032/

Trust: 0.6

url:https://vigilance.fr/vulnerability/microsoft-net-visual-studio-privilege-escalation-39522

Trust: 0.6

url:https://packetstormsecurity.com/files/168697/ubuntu-security-notice-usn-5670-1.html

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41032

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2022:6915

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6914

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6913

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6911

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6912

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet6/6.0.110-0ubuntu1~22.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5670-1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7826

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8434

Trust: 0.1

sources: JVNDB: JVNDB-2022-002496 // PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 168697 // PACKETSTORM: 169743 // PACKETSTORM: 169901 // CNNVD: CNNVD-202210-541 // NVD: CVE-2022-41032

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 168764 // PACKETSTORM: 168763 // PACKETSTORM: 168760 // PACKETSTORM: 168761 // PACKETSTORM: 168762 // PACKETSTORM: 169743 // PACKETSTORM: 169901

SOURCES

db:JVNDBid:JVNDB-2022-002496
db:PACKETSTORMid:168764
db:PACKETSTORMid:168763
db:PACKETSTORMid:168760
db:PACKETSTORMid:168761
db:PACKETSTORMid:168762
db:PACKETSTORMid:168697
db:PACKETSTORMid:169743
db:PACKETSTORMid:169901
db:CNNVDid:CNNVD-202210-541
db:NVDid:CVE-2022-41032

LAST UPDATE DATE

2024-08-14T15:37:21.003000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-002496date:2022-10-17T03:16:00
db:CNNVDid:CNNVD-202210-541date:2022-11-21T00:00:00
db:NVDid:CVE-2022-41032date:2023-12-20T20:15:17.783

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-002496date:2022-10-17T00:00:00
db:PACKETSTORMid:168764date:2022-10-18T14:31:26
db:PACKETSTORMid:168763date:2022-10-18T14:31:15
db:PACKETSTORMid:168760date:2022-10-18T14:30:44
db:PACKETSTORMid:168761date:2022-10-18T14:30:58
db:PACKETSTORMid:168762date:2022-10-18T14:31:05
db:PACKETSTORMid:168697date:2022-10-12T13:23:16
db:PACKETSTORMid:169743date:2022-11-08T13:44:15
db:PACKETSTORMid:169901date:2022-11-16T16:10:23
db:CNNVDid:CNNVD-202210-541date:2022-10-11T00:00:00
db:NVDid:CVE-2022-41032date:2022-10-11T19:15:20.483