Action not permitted
Modal body text goes here.
cve-2021-31204
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:55:53.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204" }, { "name": "FEDORA-2021-a3c205f5b2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/" }, { "name": "FEDORA-2021-13e3bd248f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/" }, { "name": "FEDORA-2021-721731dc86", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/" }, { "name": "FEDORA-2021-c06b64b5ee", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/" }, { "name": "FEDORA-2021-f25eb9e302", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/" }, { "name": "FEDORA-2021-d551431950", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET Core 3.1", "vendor": "Microsoft", "versions": [ { "lessThan": "3.1.15-servicing.21214.3", "status": "affected", "version": "3.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 5.0", "vendor": "Microsoft", "versions": [ { "lessThan": "5.0.6-servicing.21220.11", "status": "affected", "version": "5.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*" ], "platforms": [ "Unknown" ], "product": "Visual Studio 2019 for Mac version 8.9", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "8.0", "versionType": "custom" } ] } ], "datePublic": "2021-05-11T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET and Visual Studio Elevation of Privilege Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-28T23:57:03.970Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204" }, { "name": "FEDORA-2021-a3c205f5b2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/" }, { "name": "FEDORA-2021-13e3bd248f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/" }, { "name": "FEDORA-2021-721731dc86", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/" }, { "name": "FEDORA-2021-c06b64b5ee", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/" }, { "name": "FEDORA-2021-f25eb9e302", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/" }, { "name": "FEDORA-2021-d551431950", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/" } ], "title": ".NET and Visual Studio Elevation of Privilege Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-31204", "datePublished": "2021-05-11T19:11:40", "dateReserved": "2021-04-14T00:00:00", "dateUpdated": "2024-08-03T22:55:53.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-31204\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-05-11T19:15:10.327\",\"lastModified\":\"2023-12-29T00:15:49.127\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET and Visual Studio Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Escalada de Privilegios de .NET y Visual Studio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"5.0.5\",\"matchCriteriaId\":\"954DB6AC-B6A8-4FF1-A60C-6531FB2D7C55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.1.14\",\"matchCriteriaId\":\"E1FBEF1B-5F64-4665-9AD5-3A8CD1ECE92A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.4.22\",\"matchCriteriaId\":\"45AADF74-7D19-4262-887F-EF8527B3D1C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.5.0\",\"versionEndExcluding\":\"16.7.15\",\"matchCriteriaId\":\"F72FE4AE-BD01-4D58-A5C6-E4480CE65643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.8.0\",\"versionEndExcluding\":\"16.9.5\",\"matchCriteriaId\":\"D40BD6DF-6594-4FBB-8B6F-36F4E1809E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:8.9:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"D6AD9B85-5106-4D1D-B32A-0585F3E89DF5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
rhsa-2021_2036
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2036", "url": "https://access.redhat.com/errata/RHSA-2021:2036" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2036.json" } ], "title": "Red Hat Security Advisory: dotnet5.0 security and bugfix update", "tracking": { "current_release_date": "2024-11-05T23:36:37+00:00", "generator": { "date": "2024-11-05T23:36:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2036", "initial_release_date": "2021-05-19T10:11:06+00:00", "revision_history": [ { "date": "2021-05-19T10:11:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-19T10:11:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:36:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-host-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-host-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-5.0@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64", "product": { "name": "netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64", "product_id": "netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_id": "dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.6-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.203-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product": { "name": "dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product_id": "dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.203-1.el8_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet5.0-0:5.0.203-1.el8_4.src", "product": { "name": "dotnet5.0-0:5.0.203-1.el8_4.src", "product_id": "dotnet5.0-0:5.0.203-1.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0@5.0.203-1.el8_4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-host-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64" }, "product_reference": "dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-0:5.0.203-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-0:5.0.203-1.el8_4.src" }, "product_reference": "dotnet5.0-0:5.0.203-1.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31204", "cwe": { "id": "CWE-273", "name": "Improper Check for Dropped Privileges" }, "discovery_date": "2021-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956815" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: .NET Core single-file application privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-0:5.0.203-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31204" }, { "category": "external", "summary": "RHBZ#1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31204" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/185", "url": "https://github.com/dotnet/announcements/issues/185" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204" } ], "release_date": "2021-05-11T16:59:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-19T10:11:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-0:5.0.203-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2036" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.6-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-0:5.0.203-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.203-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:5.0.203-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: .NET Core single-file application privilege escalation" } ] }
rhsa-2021_1546
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1546", "url": "https://access.redhat.com/errata/RHSA-2021:1546" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1546.json" } ], "title": "Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-05T23:31:46+00:00", "generator": { "date": "2024-11-05T23:31:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1546", "initial_release_date": "2021-05-12T08:36:56+00:00", "revision_history": [ { "date": "2021-05-12T08:36:56+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-12T08:36:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:31:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.203-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.203-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.6-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.203-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "product_id": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.203-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.203-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "product": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "product_id": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.203-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31204", "cwe": { "id": "CWE-273", "name": "Improper Check for Dropped Privileges" }, "discovery_date": "2021-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956815" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: .NET Core single-file application privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31204" }, { "category": "external", "summary": "RHBZ#1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31204" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/185", "url": "https://github.com/dotnet/announcements/issues/185" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204" } ], "release_date": "2021-05-11T16:59:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-12T08:36:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1546" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.6-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.203-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.203-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: .NET Core single-file application privilege escalation" } ] }
rhsa-2021_1547
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1547", "url": "https://access.redhat.com/errata/RHSA-2021:1547" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1547.json" } ], "title": "Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-05T23:32:01+00:00", "generator": { "date": "2024-11-05T23:32:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1547", "initial_release_date": "2021-05-12T08:38:23+00:00", "revision_history": [ { "date": "2021-05-12T08:38:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-12T08:38:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:32:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.115-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.115-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.15-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.115-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.115-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.115-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "product": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "product_id": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.115-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31204", "cwe": { "id": "CWE-273", "name": "Improper Check for Dropped Privileges" }, "discovery_date": "2021-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956815" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: .NET Core single-file application privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31204" }, { "category": "external", "summary": "RHBZ#1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31204" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/185", "url": "https://github.com/dotnet/announcements/issues/185" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204" } ], "release_date": "2021-05-11T16:59:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-12T08:38:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1547" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.15-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.115-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.115-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: .NET Core single-file application privilege escalation" } ] }
rhsa-2021_2037
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2037", "url": "https://access.redhat.com/errata/RHSA-2021:2037" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2037.json" } ], "title": "Red Hat Security Advisory: dotnet3.1 security and bugfix update", "tracking": { "current_release_date": "2024-11-05T23:36:16+00:00", "generator": { "date": "2024-11-05T23:36:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2037", "initial_release_date": "2021-05-19T10:01:22+00:00", "revision_history": [ { "date": "2021-05-19T10:01:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-19T10:01:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:36:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "product": { "name": "dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "product_id": "dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.115-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "product": { "name": "dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "product_id": "dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.115-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64", "product": { "name": "dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64", "product_id": "dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.115-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.15-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.115-1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product": { "name": "dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product_id": "dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.115-1.el8_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet3.1-0:3.1.115-1.el8_4.src", "product": { "name": "dotnet3.1-0:3.1.115-1.el8_4.src", "product_id": "dotnet3.1-0:3.1.115-1.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1@3.1.115-1.el8_4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64" }, "product_reference": "dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64" }, "product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64" }, "product_reference": "dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64" }, "product_reference": "dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-0:3.1.115-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-0:3.1.115-1.el8_4.src" }, "product_reference": "dotnet3.1-0:3.1.115-1.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64" }, "product_reference": "dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64" }, "product_reference": "dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31204", "cwe": { "id": "CWE-273", "name": "Improper Check for Dropped Privileges" }, "discovery_date": "2021-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956815" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: .NET Core single-file application privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-0:3.1.115-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31204" }, { "category": "external", "summary": "RHBZ#1956815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31204" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31204" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/185", "url": "https://github.com/dotnet/announcements/issues/185" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204" } ], "release_date": "2021-05-11T16:59:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-19T10:01:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-0:3.1.115-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2037" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.15-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-0:3.1.115-1.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.115-1.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.115-1.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: .NET Core single-file application privilege escalation" } ] }
var-202105-1253
Vulnerability from variot
.NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:1546-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1546 Issue date: 2021-05-12 CVE Names: CVE-2021-31204 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.
Security Fix(es):
- dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)
In order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-31204 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa nNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV k+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P O19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS pZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL VpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2 LFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd y/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M NWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg Wpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv vJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD ryjzBqi6068=tgxd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1253", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.14" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.5.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "visual studio 2019", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "16.7.15" }, { "model": ".net", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.5" }, { "model": "visual studio 2019", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "16.4.22" }, { "model": "visual studio 2019", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "16.9.5" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.8.0" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "8.9" }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "NVD", "id": "CVE-2021-31204" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.9.5", "versionStartIncluding": "16.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.7.15", "versionStartIncluding": "16.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.4.22", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:8.9:*:*:*:*:macos:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.5", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.14", "versionStartIncluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31204" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162702" }, { "db": "PACKETSTORM", "id": "162706" }, { "db": "PACKETSTORM", "id": "162553" }, { "db": "PACKETSTORM", "id": "162552" }, { "db": "CNNVD", "id": "CNNVD-202105-624" } ], "trust": 1.0 }, "cve": "CVE-2021-31204", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-31204", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "secure@microsoft.com", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-31204", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-31204", "trust": 1.8, "value": "HIGH" }, { "author": "secure@microsoft.com", "id": "CVE-2021-31204", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202105-624", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-31204", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "CNNVD", "id": "CNNVD-202105-624" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:1546-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1546\nIssue date: 2021-05-12\nCVE Names: CVE-2021-31204\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.203 and .NET Runtime\n5.0.6. \n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation\n(CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications\ndeployed using previous versions need to be recompiled and redeployed. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-31204\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa\nnNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV\nk+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P\nO19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS\npZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL\nVpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2\nLFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd\ny/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M\nNWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg\nWpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv\nvJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD\nryjzBqi6068=tgxd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "PACKETSTORM", "id": "162702" }, { "db": "PACKETSTORM", "id": "162706" }, { "db": "PACKETSTORM", "id": "162553" }, { "db": "PACKETSTORM", "id": "162552" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31204", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2021-001514", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162702", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162552", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021052223", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051320", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051141", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052517", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1630", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1760", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-624", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-31204", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162706", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162553", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "PACKETSTORM", "id": "162702" }, { "db": "PACKETSTORM", "id": "162706" }, { "db": "PACKETSTORM", "id": "162553" }, { "db": "PACKETSTORM", "id": "162552" }, { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "CNNVD", "id": "CNNVD-202105-624" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202105-1253", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T10:13:58.745000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/" }, { "title": "Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151246" }, { "title": "Red Hat: CVE-2021-31204", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-31204" }, { "title": "Arch Linux Advisories: [ASA-202105-22] dotnet-runtime-3.1: privilege escalation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202105-22" }, { "title": "Arch Linux Advisories: [ASA-202105-20] dotnet-sdk: privilege escalation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202105-20" }, { "title": "Arch Linux Advisories: [ASA-202105-21] dotnet-runtime: privilege escalation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202105-21" }, { "title": "Arch Linux Advisories: [ASA-202105-23] dotnet-sdk-3.1: privilege escalation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202105-23" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-31204 log" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "CNNVD", "id": "CNNVD-202105-624" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "NVD", "id": "CVE-2021-31204" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31204" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31204" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2021-31204" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210512-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210024.html" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2021-35383" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051320" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162702/red-hat-security-advisory-2021-2037-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162552/red-hat-security-advisory-2021-1546-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052223" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1630" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1760" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052517" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051141" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31204" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.4, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/269.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2037" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2036" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1547" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1546" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "PACKETSTORM", "id": "162702" }, { "db": "PACKETSTORM", "id": "162706" }, { "db": "PACKETSTORM", "id": "162553" }, { "db": "PACKETSTORM", "id": "162552" }, { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "CNNVD", "id": "CNNVD-202105-624" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-31204" }, { "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "db": "PACKETSTORM", "id": "162702" }, { "db": "PACKETSTORM", "id": "162706" }, { "db": "PACKETSTORM", "id": "162553" }, { "db": "PACKETSTORM", "id": "162552" }, { "db": "NVD", "id": "CVE-2021-31204" }, { "db": "CNNVD", "id": "CNNVD-202105-624" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-11T00:00:00", "db": "VULMON", "id": "CVE-2021-31204" }, { "date": "2021-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "date": "2021-05-19T14:23:23", "db": "PACKETSTORM", "id": "162702" }, { "date": "2021-05-19T14:23:53", "db": "PACKETSTORM", "id": "162706" }, { "date": "2021-05-12T13:53:06", "db": "PACKETSTORM", "id": "162553" }, { "date": "2021-05-12T13:52:59", "db": "PACKETSTORM", "id": "162552" }, { "date": "2021-05-11T19:15:10.327000", "db": "NVD", "id": "CVE-2021-31204" }, { "date": "2021-05-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-624" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-07T00:00:00", "db": "VULMON", "id": "CVE-2021-31204" }, { "date": "2021-05-26T09:07:00", "db": "JVNDB", "id": "JVNDB-2021-001514" }, { "date": "2023-12-29T00:15:49.127000", "db": "NVD", "id": "CVE-2021-31204" }, { "date": "2022-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-624" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-624" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to elevate privileges in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001514" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-624" } ], "trust": 0.6 } }
gsd-2021-31204
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-31204", "description": ".NET and Visual Studio Elevation of Privilege Vulnerability", "id": "GSD-2021-31204", "references": [ "https://access.redhat.com/errata/RHSA-2021:2037", "https://access.redhat.com/errata/RHSA-2021:2036", "https://access.redhat.com/errata/RHSA-2021:1547", "https://access.redhat.com/errata/RHSA-2021:1546", "https://security.archlinux.org/CVE-2021-31204", "https://linux.oracle.com/cve/CVE-2021-31204.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-31204" ], "details": ".NET and Visual Studio Elevation of Privilege Vulnerability", "id": "GSD-2021-31204", "modified": "2023-12-13T01:23:13.674211Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2021-31204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Core 3.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.15-servicing.21214.3" } ] } }, { "product_name": ".NET 5.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.0.0", "version_value": "5.0.6-servicing.21220.11" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "15.0.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0.0", "version_value": "publication" } ] } }, { "product_name": "Visual Studio 2019 for Mac version 8.9", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.0", "version_value": "publication" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": ".NET and Visual Studio Elevation of Privilege Vulnerability" } ] }, "impact": { "cvss": [ { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "954DB6AC-B6A8-4FF1-A60C-6531FB2D7C55", "versionEndIncluding": "5.0.5", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1FBEF1B-5F64-4665-9AD5-3A8CD1ECE92A", "versionEndIncluding": "3.1.14", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AADF74-7D19-4262-887F-EF8527B3D1C9", "versionEndExcluding": "16.4.22", "versionStartIncluding": "16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "F72FE4AE-BD01-4D58-A5C6-E4480CE65643", "versionEndExcluding": "16.7.15", "versionStartIncluding": "16.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "D40BD6DF-6594-4FBB-8B6F-36F4E1809E8B", "versionEndExcluding": "16.9.5", "versionStartIncluding": "16.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:8.9:*:*:*:*:macos:*:*", "matchCriteriaId": "D6AD9B85-5106-4D1D-B32A-0585F3E89DF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": ".NET and Visual Studio Elevation of Privilege Vulnerability" }, { "lang": "es", "value": "Una vulnerabilidad de Escalada de Privilegios de .NET y Visual Studio" } ], "id": "CVE-2021-31204", "lastModified": "2023-12-29T00:15:49.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-05-11T19:15:10.327", "references": [ { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.