CVE-2023-36558

9 documents7 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 42.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net 6.0 Microsoft .net 7.0 Microsoft .net 8.0 +10 more

Timeline

PublishedNov 14

Latest updateNov 15

Description

ASP.NET Core Security Feature Bypass Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages16 packages

▶NVDmicrosoft/asp.net_core6.0.0 — 6.0.25+2

▶CVEListV5microsoft/asp.net_core_6.06.0 — 6.0.25

▶CVEListV5microsoft/asp.net_core_7.07.0.0 — 7.0.14

▶CVEListV5microsoft/asp.net_core_8.08.0 — 8.0.0

▶NuGetMicrosoft.AspNetCore.Components8.0.0-rc.2.23480.2 — 8.0.0+2

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

dotnet6, dotnet7, dotnet8 vulnerabilities↗2023-11-15

▶

OSV

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability↗2023-11-14

▶

CVEList

ASP.NET Core Security Feature Bypass Vulnerability↗2023-11-14

▶

OSV

CVE-2023-36558: ASP↗2023-11-14

▶

GHSA

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability↗2023-11-14

▶

📋Vendor Advisories

Ubuntu

.NET vulnerabilities↗2023-11-15

▶

Red Hat

dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms↗2023-11-14

▶

Microsoft

ASP.NET Core Security Feature Bypass Vulnerability↗2023-11-14

▶