CVE-2022-30184 in Microsoft and Fedora Project Products
Published on June 15, 2022

.NET and Visual Studio Information Disclosure Vulnerability

.NET and Visual Studio Information Disclosure Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2022-30184 has been classified to as an Information Disclosure vulnerability or weakness.

Products Associated with CVE-2022-30184

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-30184 are published in these products:

Microsoft .NET Core

Microsoft Visual Studio 2019

Microsoft Net

Microsoft Visual Studio 2022

Microsoft Nuget

Fedora Project Fedora

Affected Versions

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.6 is affected.

Microsoft .NET Core 3.1:

Version 3.1 and below 3.1.26 is affected.

Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8):

Version 15.0.0 and below 16.9.22 is affected.

Microsoft Visual Studio 2019 for Mac version 8.10:

Version 8.1.0 and below 17.0.2 is affected.

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10):

Version 16.11.0 and below 16.11.16 is affected.

Microsoft Visual Studio 2022 version 17.0:

Version 17.0.0 and below 17.0.11 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.4 is affected.

Microsoft NuGet.exe:

Version 6.0.0 and below 6.2.0 is affected.

Microsoft Visual Studio 2022 for Mac version 17.0:

Version 17.0.0 and below 17.0.2 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-30184

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	NuGet.Commands	>= 6.0.0, < 6.0.2	6.0.2
nuget	NuGet.Commands	>= 3.5.0, < 4.9.5	4.9.5
nuget	NuGet.CommandLine	>= 3.5.0, < 4.9.5	4.9.5
nuget	NuGet.CommandLine.XPlat	>= 3.5.0, < 4.9.5	4.9.5
nuget	NuGet.Commands	>= 5.0.0, < 5.2.1	5.2.1
nuget	NuGet.Commands	>= 5.3.0, < 5.7.2	5.7.2
nuget	NuGet.Commands	>= 5.8.0, < 5.9.2	5.9.2
nuget	NuGet.Commands	>= 5.10.0, < 5.11.2	5.11.2
nuget	NuGet.Commands	>= 6.1.0, < 6.2.1	6.2.1
nuget	NuGet.CommandLine.XPlat	>= 6.1.0, < 6.2.1	6.2.1
nuget	NuGet.CommandLine.XPlat	>= 6.0.0, < 6.0.2	6.0.2
nuget	NuGet.CommandLine.XPlat	>= 5.10.0, < 5.11.2	5.11.2
nuget	NuGet.CommandLine.XPlat	>= 5.8.0, < 5.9.2	5.9.2
nuget	NuGet.CommandLine.XPlat	>= 5.3.0, < 5.7.2	5.7.2
nuget	NuGet.CommandLine.XPlat	>= 5.0.0, < 5.2.1	5.2.1
nuget	NuGet.CommandLine	>= 6.1.0, < 6.2.1	6.2.1
nuget	NuGet.CommandLine	>= 6.0.0, < 6.0.2	6.0.2
nuget	NuGet.CommandLine	>= 5.10.0, < 5.11.2	5.11.2
nuget	NuGet.CommandLine	>= 5.8.0, < 5.9.2	5.9.2
nuget	NuGet.CommandLine	>= 5.3.0, < 5.7.2	5.7.2
nuget	NuGet.CommandLine	>= 5.0.0, < 5.2.1	5.2.1

Exploit Probability

EPSS

0.59%

Percentile

68.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.