.NET Core
CVE-2018-8292 — .NET Core Information Disclosure Vulnerability
Important
2018-10 archive
Executive Summary
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application. The security update addresses the vulnerability by correcting how .NET Core handles redirects.
Overview
Important
MS Severity
Not Exploited
MS Exploit Status
More Likely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
4 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| .NET Core 1.0 | Commit (Security Update) |
Important | Information Disclosure | No |
| .NET Core 1.1 | Commit (Security Update) |
Important | Information Disclosure | Yes |
| .NET Core 2.1 | Commit (Security Update) |
Important | Information Disclosure | Yes |
| PowerShell Core 6.0 | Release Notes (Security Update) |
Important | Information Disclosure | Yes |
Patches
2 patches
| Article | Type | Restart |
|---|---|---|
Commit |
Security Update | No |
Release Notes |
Security Update | Yes |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
None
References
On This Page