{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38081", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2024-06-11T22:36:08.182Z", "datePublished": "2024-07-09T17:03:22.527Z", "dateUpdated": "2025-03-11T16:40:22.736Z"}, "containers": {"cna": {"title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "datePublic": "2024-07-09T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.4.0", "versionEndExcluding": "17.4.21"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.6.0", "versionEndExcluding": "17.6.17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.8.0", "versionEndExcluding": "17.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.0.32"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.7.4101.02"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.1", "versionEndExcluding": "4.8.1.9256.03"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.7.4101.01"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0.0", "versionEndExcluding": "10.0.10240.20710"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.0.50727.8977"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", "versionStartIncluding": "3.0.0", "versionEndExcluding": "2.0.50727.8977"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "3.5.30729.8972"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "3.5.30729.8971"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.04739.02"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.4739.04"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.7.2.4101.03"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "platforms": ["Unknown"], "versions": [{"version": "17.4.0", "lessThan": "17.4.21", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "platforms": ["Unknown"], "versions": [{"version": "17.6.0", "lessThan": "17.6.17", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "platforms": ["Unknown"], "versions": [{"version": "17.8.0", "lessThan": "17.8.12", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 6.0", "platforms": ["Unknown"], "versions": [{"version": "6.0.0", "lessThan": "6.0.32", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "platforms": ["Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"], "versions": [{"version": "4.7.0", "lessThan": "4.7.4101.02", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8.1", "platforms": ["Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", "Windows 11 Version 23H2 for x64-based Systems"], "versions": [{"version": "4.8.1", "lessThan": "4.8.1.9256.03", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6.2", "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"], "versions": [{"version": "4.7.0", "lessThan": "4.7.4101.01", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6/4.6.2", "platforms": ["Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems"], "versions": [{"version": "10.0.0.0", "lessThan": "10.0.10240.20710", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 2.0 Service Pack 2", "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2"], "versions": [{"version": "2.0.0", "lessThan": "2.0.50727.8977", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.0 Service Pack 2", "platforms": ["Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2"], "versions": [{"version": "3.0.0", "lessThan": "2.0.50727.8977", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5", "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)"], "versions": [{"version": "3.5.0", "lessThan": "3.5.30729.8972", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5.1", "platforms": ["Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"], "versions": [{"version": "3.5.0", "lessThan": "3.5.30729.8971", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.8", "platforms": ["Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)"], "versions": [{"version": "4.8.0", "lessThan": "4.8.04739.02", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8", "platforms": ["Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems"], "versions": [{"version": "4.8.0", "lessThan": "4.8.4739.04", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.7.2", "platforms": ["Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)"], "versions": [{"version": "4.7.0", "lessThan": "4.7.2.4101.03", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "lang": "en-US", "type": "CWE", "cweId": "CWE-59"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-03-11T16:40:22.736Z"}, "references": [{"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T18:00:51.956378Z", "id": "CVE-2024-38081", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T18:00:59.015Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.011Z"}, "title": "CVE Program Container", "references": [{"name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081", "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.011Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-09T18:00:51.956378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T18:00:55.851Z"}}], "cna": {"title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "versions": [{"status": "affected", "version": "17.4.0", "lessThan": "17.4.21", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "versions": [{"status": "affected", "version": "17.6.0", "lessThan": "17.6.17", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "versions": [{"status": "affected", "version": "17.8.0", "lessThan": "17.8.12", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": ".NET 6.0", "versions": [{"status": "affected", "version": "6.0.0", "lessThan": "6.0.32", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "versions": [{"status": "affected", "version": "4.7.0", "lessThan": "4.7.4101.02", "versionType": "custom"}], "platforms": ["Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8.1", "versions": [{"status": "affected", "version": "4.8.1", "lessThan": "4.8.1.9256.03", "versionType": "custom"}], "platforms": ["Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", "Windows 11 Version 23H2 for x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6.2", "versions": [{"status": "affected", "version": "4.7.0", "lessThan": "4.7.4101.01", "versionType": "custom"}], "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.6/4.6.2", "versions": [{"status": "affected", "version": "10.0.0.0", "lessThan": "10.0.10240.20710", "versionType": "custom"}], "platforms": ["Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 2.0 Service Pack 2", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.0.50727.8977", "versionType": "custom"}], "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.0 Service Pack 2", "versions": [{"status": "affected", "version": "3.0.0", "lessThan": "2.0.50727.8977", "versionType": "custom"}], "platforms": ["Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5", "versions": [{"status": "affected", "version": "3.5.0", "lessThan": "3.5.30729.8972", "versionType": "custom"}], "platforms": ["Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5.1", "versions": [{"status": "affected", "version": "3.5.0", "lessThan": "3.5.30729.8971", "versionType": "custom"}], "platforms": ["Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 4.8", "versions": [{"status": "affected", "version": "4.8.0", "lessThan": "4.8.04739.02", "versionType": "custom"}], "platforms": ["Windows 10 Version 1607 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2012 R2", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.8", "versions": [{"status": "affected", "version": "4.8.0", "lessThan": "4.8.4739.04", "versionType": "custom"}], "platforms": ["Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems"]}, {"vendor": "Microsoft", "product": "Microsoft .NET Framework 3.5 AND 4.7.2", "versions": [{"status": "affected", "version": "4.7.0", "lessThan": "4.7.2.4101.03", "versionType": "custom"}], "platforms": ["Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)"]}], "datePublic": "2024-07-09T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081", "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.4.21", "versionStartIncluding": "17.4.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.6.17", "versionStartIncluding": "17.6.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.8.12", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.0.32", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.7.4101.02", "versionStartIncluding": "4.7.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.8.1.9256.03", "versionStartIncluding": "4.8.1"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.7.4101.01", "versionStartIncluding": "4.7.0"}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.10240.20710", "versionStartIncluding": "10.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.0.50727.8977", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.0.50727.8977", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.5.30729.8972", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.5.30729.8971", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.8.04739.02", "versionStartIncluding": "4.8.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.8.4739.04", "versionStartIncluding": "4.8.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.7.2.4101.03", "versionStartIncluding": "4.7.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-03-11T16:40:22.736Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38081", "state": "PUBLISHED", "dateUpdated": "2025-03-11T16:40:22.736Z", "dateReserved": "2024-06-11T22:36:08.182Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2024-07-09T17:03:22.527Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*", "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*", "matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*", "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*", "matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CB5C848-9883-4FE0-9A6B-B7B52E704AC1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "50D643A0-5F16-4D63-BF83-19DF8F93AE25", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "1233A609-9772-490F-80F5-8AA750BF25CE", "versionEndExcluding": "6.0.32", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF1832B-95B7-4253-92EC-0912987D8C42", "versionEndExcluding": "17.4.21", "versionStartIncluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB946EB4-95CC-42FC-9D47-445D7E1C3E38", "versionEndExcluding": "17.6.17", "versionStartIncluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "65299FC5-169B-4642-B961-647EEE2DA0BD", "versionEndExcluding": "17.8.12", "versionStartIncluding": "17.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en .NET, .NET Framework y Visual Studio"}], "id": "CVE-2024-38081", "lastModified": "2024-11-21T09:24:51.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2024-07-09T17:15:43.750", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "dotnet: Elevation of Privilege in VS Installer via NuGet config file", "id": "2295322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295322"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": [".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability", "A vulnerability was found in dotNET. The Visual Studio Installer may allow the elevation of privilege via NuGet configuration file lockfile hijacking."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38081", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:6.0", "fix_state": "Not affected", "package_name": "rh-dotnet60-dotnet", "product_name": ".NET 6.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet6.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet6.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet7.0", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet8.0", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38081\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38081"], "threat_severity": "Important"}