Описание
ASP.NET Core Security Feature Bypass Vulnerability
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An unauthenticated attacker could bypass validations on Blazor Server forms.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability to save an invalid state to a database or trigger other unintended actions, depending on what functionality the form provides.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| ASP.NET Core 6.0 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.4 | ||
| .NET 7.0 | ||
| Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft Visual Studio 2022 version 17.7 | ||
| ASP.NET Core 7.0 | ||
| ASP.NET Core 8.0 | ||
| .NET 8.0 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
ASP.NET Core - Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Уязвимость программной платформы ASP.NET Core, связанная с ошибками в настройках безопасности, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
6.2 Medium
CVSS3