CVE-2018-8292

Impact:
Moderate
Public Date:
2018-10-09
CWE:
CWE-201
Bugzilla:
1636274: CVE-2018-8292 .NET Core: information disclosure due to authentication information exposed in a redirect

The MITRE CVE dictionary describes this issue as:

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Find out more about CVE-2018-8292 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 7.4
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
.NET Core 1.0 on Red Hat Enterprise Linux (rh-dotnetcore10-dotnetcore) RHSA-2018:2902 2018-10-10
.NET Core 1.1 on Red Hat Enterprise Linux (rh-dotnetcore11-dotnetcore) RHSA-2018:2902 2018-10-10

Affected Packages State

Platform Package State
.NET Core 2.0 on Red Hat Enterprise Linux rh-dotnet21-dotnet Not affected
.NET Core 2.0 on Red Hat Enterprise Linux rh-dotnet20-dotnet Will not fix

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.