PT-2018-2082 · Microsoft · Powershell Core+1

Publicado

2018-10-09

Atualizado

2021-04-21

CVE-2018-8292

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions .NET Core versions 1.0 through 2.1 PowerShell Core version 6.0

Description The issue is related to errors in the authentication procedure, which can lead to the disclosure of protected information. This can be exploited by a remote attacker to reveal sensitive data. The vulnerability is associated with the inadvertent exposure of authentication information in a redirect.

Recommendations For .NET Core versions 1.0 through 2.1, update to a version that includes the fix for this issue to prevent information disclosure. For PowerShell Core version 6.0, consider restricting access to sensitive information until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2019-00033

CVE-2018-8292

GHSA-7JGJ-8WVC-JH57

RHSA-2018:2902

Produtos afetados

Net Core

Powershell Core

PT-2018-2082 · Microsoft · Powershell Core+1

CVE-2018-8292

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8