CVE-2018-8292

Published: Oct 10, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Affected (4)

Products: Microsoft: Asp.net Core, Powershell Core

2 products

Powershell Core

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Asp.net Core	Version 1.0
Microsoft Asp.net Core	Version 1.1
Microsoft Asp.net Core	Version 2.1
Microsoft Powershell Core	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/105548

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2902

Source: secure@microsoft.com

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/105548

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2902

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.