gsd-2021-34532
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-34532", "description": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability", "id": "GSD-2021-34532", "references": [ "https://access.redhat.com/errata/RHSA-2021:3148", "https://access.redhat.com/errata/RHSA-2021:3147", "https://access.redhat.com/errata/RHSA-2021:3143", "https://access.redhat.com/errata/RHSA-2021:3142", "https://security.archlinux.org/CVE-2021-34532", "https://linux.oracle.com/cve/CVE-2021-34532.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-34532" ], "details": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability", "id": "GSD-2021-34532", "modified": "2023-12-13T01:23:14.006113Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2021-34532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASP.NET Core 2.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.0", "version_value": "2.1.29" } ] } }, { "product_name": "ASP.NET Core 3.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.1.18" } ] } }, { "product_name": "ASP.NET Core 5.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.0", "version_value": "5.0.9" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "16.4.25" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0.0", "version_value": "16.7.18" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "15.0.0", "version_value": "16.9.10" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.10.0", "version_value": "16.10.5" } ] } }, { "product_name": "Visual Studio 2019 for Mac version 8.10", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.1.0", "version_value": "8.10.7" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability" } ] }, "impact": { "cvss": [ { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.1,2.1.2],[3.1,3.1.17],[5.0,5.0.8]", "affected_versions": "All versions starting from 2.1 up to 2.1.2, all versions starting from 3.1 up to 3.1.17, all versions starting from 5.0 up to 5.0.8", "cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-08-18", "description": "The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information.", "fixed_versions": [ "2.1.30", "3.1.18", "5.0.9" ], "identifier": "CVE-2021-34532", "identifiers": [ "CVE-2021-34532" ], "not_impacted": "All versions before 2.1, all versions after 2.1.2 before 3.1, all versions after 3.1.17 before 5.0, all versions after 5.0.8", "package_slug": "nuget/Microsoft.AspNetCore.All", "pubdate": "2021-08-12", "solution": "Upgrade to versions 2.1.30, 3.1.18, 5.0.9 or above.", "title": "Exposure of Sensitive Information to an Unauthorized Actor", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-34532", "https://github.com/dotnet/announcements/issues/195", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532" ], "uuid": "80b89492-b87c-4794-a626-9cd32e5d2adf" }, { "affected_range": "(,2.1.29),[3.0.0,3.1.18),[5.0.0,5.0.9)", "affected_versions": "All versions before 2.1.29, all versions starting from 3.0.0 before 3.1.18, all versions starting from 5.0.0 before 5.0.9", "cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-10-21", "description": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability", "fixed_versions": [ "2.1.29", "3.1.18", "5.0.9" ], "identifier": "CVE-2021-34532", "identifiers": [ "GHSA-q7cg-43mg-qp69", "CVE-2021-34532" ], "not_impacted": "All versions starting from 2.1.29 before 3.0.0, all versions starting from 3.1.18 before 5.0.0, all versions starting from 5.0.9", "package_slug": "nuget/Microsoft.AspNetCore.Authentication.JwtBearer", "pubdate": "2021-08-25", "solution": "Upgrade to versions 2.1.29, 3.1.18, 5.0.9 or above.", "title": "ASP.NET Core Information Disclosure Vulnerability", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-q7cg-43mg-qp69", "https://nvd.nist.gov/vuln/detail/CVE-2021-34532", "https://github.com/advisories/GHSA-q7cg-43mg-qp69" ], "uuid": "c644bcef-ff0a-4c50-9b67-18d40aed5d75" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FBDFB3D-0F15-4861-990E-BEF60D40ACC8", "versionEndIncluding": "2.1.2", "versionStartIncluding": "2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D6C55E5-4153-443B-8756-B711AB3ACEE9", "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "7642F43F-3C68-44D1-8593-D6B30183C357", "versionEndIncluding": "5.0.8", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "26472C42-CDB4-4176-B10B-3BF26F5030E3", "versionEndIncluding": "16.10", "versionStartIncluding": "16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", "matchCriteriaId": "BA547FFE-D557-4612-9840-EEE88ACF53AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability" }, { "lang": "es", "value": "Una Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en ASP.NET Core y Visual Studio" } ], "id": "CVE-2021-34532", "lastModified": "2023-12-28T20:15:49.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-08-12T18:15:09.337", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.