Vulnerability CVE-2023-36558: Information

Description

ASP.NET Core - Security Feature Bypass Vulnerability

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-36558

Published: Nov. 15, 2023

Modified: Nov. 21, 2023

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
dotnet-bootstrap-6.0	sisyphus	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-1069-2	337852	Fixed
dotnet-bootstrap-6.0	p10	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-2763-2	341218	Fixed
dotnet-bootstrap-6.0	p11	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-1069-2	337852	Fixed
dotnet-bootstrap-7.0	sisyphus	7.0.14-alt1	7.0.17-alt1	ALT-PU-2024-1066-2	337851	Fixed
dotnet-bootstrap-7.0	p10	7.0.14-alt1	7.0.14-alt1	ALT-PU-2024-2767-2	341218	Fixed
dotnet-bootstrap-7.0	p11	7.0.14-alt1	7.0.17-alt1	ALT-PU-2024-1066-2	337851	Fixed
dotnet-bootstrap-8.0	sisyphus	8.0.2-alt1	8.0.3-alt1	ALT-PU-2024-2556-1	341007	In work
dotnet-bootstrap-8.0	p10	8.0.2-alt1	8.0.2-alt1	ALT-PU-2024-2556-1	341007	In work
dotnet-bootstrap-8.0	p11	8.0.2-alt1	8.0.3-alt1	ALT-PU-2024-2556-1	341007	In work
dotnet-runtime-6.0	sisyphus	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-1068-2	337852	Fixed
dotnet-runtime-6.0	p10	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-2761-2	341218	Fixed
dotnet-runtime-6.0	p11	6.0.25-alt1	6.0.25-alt1	ALT-PU-2024-1068-2	337852	Fixed
dotnet-runtime-7.0	sisyphus	7.0.14-alt1	7.0.17-alt1	ALT-PU-2024-1067-2	337851	Fixed
dotnet-runtime-7.0	p10	7.0.14-alt1	7.0.14-alt1	ALT-PU-2024-2765-2	341218	Fixed
dotnet-runtime-7.0	p11	7.0.14-alt1	7.0.17-alt1	ALT-PU-2024-1067-2	337851	Fixed
dotnet-runtime-8.0	sisyphus	8.0.2-alt1	8.0.3-alt1	ALT-PU-2024-2554-2	341007	In work
dotnet-runtime-8.0	p10	8.0.2-alt1	8.0.2-alt1	ALT-PU-2024-2554-2	341007	In work
dotnet-runtime-8.0	p11	8.0.2-alt1	8.0.3-alt1	ALT-PU-2024-2554-2	341007	In work
dotnet-sdk-8.0	sisyphus	8.0.102-alt1	8.0.103-alt1	ALT-PU-2024-2557-2	341007	In work
dotnet-sdk-8.0	p10	8.0.102-alt1	8.0.102-alt2	ALT-PU-2024-2557-2	341007	In work
dotnet-sdk-8.0	p11	8.0.102-alt1	8.0.103-alt1	ALT-PU-2024-2557-2	341007	In work

References to Advisories, Solutions, and Tools

Hyperlink	Resource
ASP.NET Core - Security Feature Bypass Vulnerability	Patch Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
  Start including
  17.7
  End excliding
  17.7.7
  cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
  Start including
  17.6
  End excliding
  17.6.10
  cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
  Start including
  17.4
  End excliding
  17.4.14
  cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
  Start including
  17.2
  End excliding
  17.2.22
  cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
  Start including
  7.0.0
  End excliding
  7.0.14
  cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
  Start including
  6.0.0
  End excliding
  6.0.25
  cpe:2.3:a:microsoft:asp.net_core:8.0.0:-:*:*:*:*:*:*
  cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
  Start including
  7.0.0
  End excliding
  7.0.14
  cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
  Start including
  6.0.0
  End excliding
  6.0.25

Version: v24.5.3

Vulnerability CVE-2023-36558: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1