CVE-2021-34532

CWE-532 — Log File Information Exposure6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 49.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10

Microsoft Asp.net Core 2.1 Microsoft Asp.net Core 3.1 Microsoft Asp.net Core 5.0 +7 more

Timeline

PublishedAug 12

Latest updateAug 25

Description

ASP.NET Core and Visual Studio Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶CVEListV5microsoft/visual_studio_2019_for_mac_version_8.108.1.0 — 8.10.7

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.4_(includes_16.0_-_16.3)16.0 — 16.4.25

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.7_(includes_16.0_–_16.6)16.0.0 — 16.7.18

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.9_(includes_16.0_-_16.8)15.0.0 — 16.9.10

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.10_(includes_16.0_-_16.9)16.10.0 — 16.10.5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

3

GHSA

ASP.NET Core Information Disclosure Vulnerability↗2021-08-25

▶

OSV

ASP.NET Core Information Disclosure Vulnerability↗2021-08-25

▶

CVEList

ASP.NET Core and Visual Studio Information Disclosure Vulnerability↗2021-08-12

▶

📋Vendor Advisories

2

Microsoft

ASP.NET Core and Visual Studio Information Disclosure Vulnerability↗2021-08-10

▶

Red Hat

dotnet: ASP.NET Core JWT token logging↗2021-08-10

▶

CVE-2021-34532 (MEDIUM CVSS 5.5) | ASP.NET Core and Visual Studio Info | cvebase.io