Описание
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
This vulnerability makes it possible to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?
The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local (AV:L) and User Interaction is Required (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| ASP.NET Core 2.1 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.4 | ||
| .NET 7.0 | ||
| Microsoft Visual Studio 2022 version 17.6 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, программной платформы Microsoft.NET, и программной платформы ASP.NET Core, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS
6.2 Medium
CVSS3