Lucene search

GoogleOSV:BIT-DOTNET-SDK-2022-41032

HistoryMar 06, 2024 - 10:57 a.m.

BIT-dotnet-sdk-2022-41032

2024-03-0610:57:21

Google

osv.dev

bit.net sdk privilege vulnerability nuget client software

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

18.9%

JSON

NuGet Client Elevation of Privilege Vulnerability

CPENameOperatorVersion
dotnet-sdkle6.0.0
dotnet-sdkge6.0.0

CPE	Name	Operator	Version
	dotnet-sdk	le	6.0.0
	dotnet-sdk	ge	6.0.0

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

18.9%

JSON

Related for OSV:BIT-DOTNET-SDK-2022-41032