CVE-2018-8292

Published: 10/10/2018 Updated: 06/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Vulnerable Product

microsoft asp.net core 1.0

microsoft asp.net core 1.1

microsoft asp.net core 2.1

microsoft powershell core 6.0

Vendor Advisories

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update. Type/Severity: Security Advisory: Moderate. Topic: Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having ...
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0 ...

Github Repositories

A .net client for OSSIndex (https://ossindex.sonatype.org/)

OssIndexClient: A .net client for OSSIndex (https://ossindex.sonatype.org/). See Milestones for release notes. NuGet package: nuget.org/packages/OssIndexClient/. Usage: Getting a report: using var ossIndexClient = new OssIndex(); var report = await ossIndexClient.GetReport( new( ecoSystem: EcoSystem.nuget, name: "System.Net.Http", ve

TrivyDepsFalsePositive: This repo exists as a minimal example to illustrate what I believe to be a false positive flag in Trivy, based upon a misunderstanding of how dependencies are managed in .NET. It's motivated by aquasecurity/trivy#2706. I've posted a link to this repo here: aquasecurity/trivy#4282 (comment). In this illustration, Trivy highlights two vulnerabilitie