CVE-2024-38167

.NET and Visual Studio Information Disclosure Vulnerability

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Name	Vendor	Start Version	End Version
.net	Microsoft	8.0.0 (including)	8.0.8 (excluding)
Visual_studio_2022	Microsoft	17.6.0 (including)	17.6.18 (excluding)
Visual_studio_2022	Microsoft	17.8.0 (including)	17.8.13 (excluding)
Visual_studio_2022	Microsoft	17.10.0 (including)	17.10.6 (excluding)
Red Hat Enterprise Linux 8	RedHat	dotnet8.0-0:8.0.108-1.el8_10	*
Red Hat Enterprise Linux 9	RedHat	dotnet8.0-0:8.0.108-1.el9_4	*
Dotnet7	Ubuntu	jammy	*
Dotnet8	Ubuntu	devel	*
Dotnet8	Ubuntu	jammy	*
Dotnet8	Ubuntu	noble	*
Dotnet8	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-38167
CWE	https://cwe.mitre.org/data/definitions/319.html

Cleartext Transmission of Sensitive Information