NuGet.org is vulnerable to information disclosure. The vulnerability exists in the ExecuteCommand function in SetApiKeyCommand.cs due to a lack of sanitization of the API key, which allows an attacker to gain access to sensitive information.
bugzilla.redhat.com/show_bug.cgi?id=2096963
github.com/advisories/GHSA-3885-8gqc-3wpf
github.com/NuGet/NuGet.Client/commit/22ddc862c9d9e80826f739747b49094f38ab814a
github.com/NuGet/NuGet.Client/commit/3689cc566c5f27580f871ad5731014910982d1c3
github.com/NuGet/NuGet.Client/commit/6233e17d34d99225cd595ecea9de4ff65f96a1cd
github.com/NuGet/NuGet.Client/commit/a844a095fd2df2174fa6354f36b45ef4ad1a84da
github.com/NuGet/NuGet.Client/commit/ccc20eadc72861b1c1bc160f89fe1c3669243173
github.com/NuGet/NuGet.Client/commit/d742d7f927dbaba92e0803ea577e87293e69b35f
github.com/NuGet/NuGet.Client/commit/dc8156f2e435e56a5bb4523a93e64184017f177b
lists.fedoraproject.org/archives/list/[email protected]/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2/
lists.fedoraproject.org/archives/list/[email protected]/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184