PT-2018-2082 · Microsoft · Powershell Core+1

Published

2018-10-09

Updated

2021-04-21

CVE-2018-8292

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions .NET Core versions 1.0 through 2.1 PowerShell Core version 6.0

Description The issue is related to errors in the authentication procedure, which can lead to the disclosure of protected information. This can be exploited by a remote attacker to reveal sensitive data. The vulnerability is associated with the inadvertent exposure of authentication information in a redirect.

Recommendations For .NET Core versions 1.0 through 2.1, update to a version that includes the fix for this issue to prevent information disclosure. For PowerShell Core version 6.0, consider restricting access to sensitive information until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2019-00033

CVE-2018-8292

GHSA-7JGJ-8WVC-JH57

RHSA-2018:2902

Affected Products

Net Core

Powershell Core

PT-2018-2082 · Microsoft · Powershell Core+1

CVE-2018-8292

Weakness Enumeration

Related Identifiers

Affected Products

References · 8