CVE-2023-35391

CWE-200Information Exposure7 documents7 sources
Severity
7.5HIGH
EPSS
2.0%
top 16.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft .net 6.0Microsoft .net 7.0Microsoft Asp.net Core 2.1+6 more
Timeline
PublishedAug 8
Latest updateAug 11

Description

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages11 packages

NVDmicrosoft/visual_studio_202217.2.017.2.18+2

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
.NET Information Disclosure Vulnerability2023-08-11
OSV
.NET Information Disclosure Vulnerability2023-08-11
CVEList
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability2023-08-08

💥Exploits & PoCs

1
Exploit-DB
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing2023-04-07

📋Vendor Advisories

2
Microsoft
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability2023-08-08
Red Hat
dotnet: Redis backplane in SignalR listen disclosure information to unexpected group or user2023-08-08
CVE-2023-35391 (HIGH CVSS 7.5) | ASP.NET Core SignalR and Visual Stu | cvebase.io