Description
ASP.NET Core Elevation Of Privilege Vulnerability
An open redirect vulnerability exists in ASP.NET Core that could lead to elevation of privilege. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link.
When an authenticated user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to steal log-in session information such as cookies or authentication tokens.
The update addresses the vulnerability by correcting how ASP.NET Core handles open redirect requests.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Related vulnerabilities
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
EPSS