PT-2022-7020 · Microsoft+4 · Net Core+10

Published 2022-06-14 · Updated 2025-01-02 · CVE-2022-30184

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

.NET versions prior to 6.0.6
.NET Core versions prior to 3.1.26
NuGet versions prior to 6.2.1
NuGet.exe versions prior to 6.2.1
NuGet.Commands versions prior to 6.2.1
NuGet.CommandLine versions prior to 6.2.1
NuGet.CommandLine.XPlat versions prior to 6.2.1

Description

A vulnerability exists in .NET and .NET Core where a nuget.org API key could leak due to an incorrect comparison with a server URL. This issue is related to the lack of protection for service data. Exploitation of this vulnerability may allow an attacker to gain access to confidential information.

Recommendations

For .NET 6.0, download and install Runtime 6.0.6 or SDK 6.0.106 from https://dotnet.microsoft.com/download/dotnet-core/6.0.
For .NET Core 3.1, download and install Runtime 3.1.26 or SDK 3.1.420 from https://dotnet.microsoft.com/download/dotnet-core/3.1.
For NuGet.exe 6.2.0 or lower, download and install 6.2.1 from https://dist.nuget.org/win-x86-commandline/v6.2.1/nuget.exe.
For NuGet.exe 6.0.1 or lower, download and install 6.0.2 from https://dist.nuget.org/win-x86-commandline/v6.0.2/nuget.exe.
For NuGet.exe 5.11.1 or lower, download and install 5.11.2 from https://dist.nuget.org/win-x86-commandline/v5.11.2/nuget.exe.
For NuGet.exe 5.9.1 or lower, download and install 5.9.2 from https://dist.nuget.org/win-x86-commandline/v5.9.2/nuget.exe.
For NuGet.exe 5.7.1 or lower, download and install 5.7.2 from https://dist.nuget.org/win-x86-commandline/v4.7.2/nuget.exe.
For NuGet.exe 4.9.4 or lower, download and install 4.9.5 from https://dist.nuget.org/win-x86-commandline/v4.9.5/nuget.exe.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2837
ALT-PU-2022-2838
ALT-PU-2022-2851
ALT-PU-2022-2852
ALT-PU-2023-1305
ALT-PU-2023-1306
ALT-PU-2023-1307
ALT-PU-2023-1308
BDU:2023-06585
BIT-DOTNET-2022-30184
BIT-DOTNET-SDK-2022-30184
CESA-2022_5046
CESA-2022_5061
CVE-2022-30184
GHSA-3885-8GQC-3WPF
RHSA-2022:5046
RHSA-2022:5047
RHSA-2022:5050
RHSA-2022:5061
RHSA-2022:5062
RHSA-2022_5046
RHSA-2022_5050
RHSA-2022_5061
RLSA-2022:5046
RLSA-2022:5061

Affected Products

.Net Framework
Net Core
Alt Linux
Centos
Nuget
Nuget.Commandline
Nuget.Commandline.Xplat
Nuget.Commands
Nuget.Exe
Red Hat
Rocky Linux