CVE-2021-34485

CWE-732 — Incorrect Permission Assignment6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.7%

top 28.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

15

Microsoft .net 5.0 Microsoft .net Core 2.1 Microsoft .net Core 3.1 +12 more

Timeline

PublishedAug 12

Latest updateOct 20

Description

.NET Core and Visual Studio Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages39 packages

▶CVEListV5microsoft/microsoft_visual_studio_2017_version_15.9_(includes_15.0_-_15.8)15.9.0 — 15.9.38

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.4_(includes_16.0_-_16.3)16.0 — 16.4.25

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.7_(includes_16.0_–_16.6)16.0.0 — 16.7.18

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.9_(includes_16.0_-_16.8)15.0.0 — 16.9.10

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.10_(includes_16.0_-_16.9)16.10.0 — 16.10.5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

3

GHSA

.NET Core Information Disclosure Vulnerability↗2022-10-20

▶

OSV

.NET Core Information Disclosure Vulnerability↗2022-10-20

▶

CVEList

.NET Core and Visual Studio Information Disclosure Vulnerability↗2021-08-12

▶

📋Vendor Advisories

2

Microsoft

.NET Core and Visual Studio Information Disclosure Vulnerability↗2021-08-10

▶

Red Hat

dotnet: Dump file created world-readable↗2021-08-10

▶