Candidate: CVE-2018-8292
PublicDate: 2018-10-10 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8292
 https://access.redhat.com/errata/RHSA-2018:2902
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
Description:
 An information disclosure vulnerability exists in .NET Core when
 authentication information is inadvertently exposed in a redirect, aka
 ".NET Core Information Disclosure Vulnerability." This affects .NET Core
 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
Ubuntu-Description:
Notes:
 mdeslaur> fix in 1.1.10 is:
 mdeslaur> https://github.com/dotnet/corefx/commit/56aae8a7076f283e334b88f642ef6bb7c59e02c3
 mdeslaur> this code doesn't look like it's present in the mono package
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_mono:
upstream_mono: needs-triage
precise/esm_mono: DNE
trusty_mono: not-affected (code not present)
trusty/esm_mono: not-affected (code not present)
xenial_mono: not-affected (code not present)
esm-infra/xenial_mono: not-affected (code not present)
bionic_mono: not-affected (code not present)
devel_mono: not-affected (code not present)