NuGet Client is vulnerable to Privilege Escalation. The vulnerability exists because the library does not properly handle a world-writable cache directory, allowing an attacker to inject and execute malicious code, resulting in the elevation of privilege.
github.com/advisories/GHSA-g3q9-xf95-8hp5
github.com/dotnet/announcements/issues/236
github.com/NuGet/Announcements/issues/65
github.com/NuGet/Home/issues/12149
lists.fedoraproject.org/archives/list/[email protected]/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/
lists.fedoraproject.org/archives/list/[email protected]/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/
lists.fedoraproject.org/archives/list/[email protected]/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032