CVE-2018-8292
HIGH.NET Core 1.0, 1.1, 2.1 and PowerShell Core 6.0 - Information Disclosure via Redirect
Title source: llmDescription
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2902
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105548
Scores
CVSS v3
7.5
EPSS
0.0814
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (5)
microsoft/asp.net_core
1.0
microsoft/asp.net_core
1.1
microsoft/asp.net_core
2.1
microsoft/powershell_core
6.0
nuget/System.Net.Http
0 - 4.3.4NuGet
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026