CVE-2018-8292

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/105548	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2902	Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:asp.net_core:1.0:::::::*
	cpe:2.3:a:microsoft:asp.net_core:1.1:::::::*
	cpe:2.3:a:microsoft:asp.net_core:2.1:::::::*
	cpe:2.3:a:microsoft:powershell_core:6.0:::::::*

History

No history.

Information

Published : 2018-10-10 13:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-8292

Mitre link : CVE-2018-8292

CVE.ORG link : CVE-2018-8292

JSON object : View

Products Affected

microsoft

asp.net_core
powershell_core

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2018-8292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-10-10T13:29:01.213", "references": [{"url": "http://www.securityfocus.com/bid/105548", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2902", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en .NET Core cuando la informaci\u00f3n de autenticaci\u00f3n se expone de forma inadvertida en una redirecci\u00f3n. Esto tambi\u00e9n se conoce como \".NET Core Information Disclosure Vulnerability\". Esto afecta a .NET Core 2.1, .NET Core 1.0, .NET Core 1.1 y PowerShell Core 6.0."}], "lastModified": "2018-12-06T14:46:36.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99"}, {"criteria": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6A900C-6173-466A-B54D-683A12F53138"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}