MicrosoftCVELIST:CVE-2020-1045CVE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
AI Score
Confidence
High
EPSS
Percentile
73.0%
CNA Affected
[
{
"vendor": "Microsoft",
"product": "ASP.NET Core 2.1",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "2.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 3.1",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.0",
"lessThan": "publication",
"versionType": "custom",
"status": "affected"
}
]
}
]References
access.redhat.com/errata/RHSA-2020:3699
github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
AI Score
Confidence
High
EPSS
Percentile
73.0%