What is CVE-2018-8292?

CVE-2018-8292 is a vulnerability in Microsoft .Net Core. Published 2018-10-10.

Is CVE-2018-8292 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft .Net Core

CVE-2018-8292

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core…

EPSS: 0.081 (92.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft .Net Core — versions 1.0, 1.1, 2.1
Microsoft Powershell Core — versions 6.0

Public proof-of-concept exploits

StasJS/TrivyDepsFalsePositive
dotnet-felickz/vulnerable-dependencies

References

RHSA-2018:2902 (vendor-advisory, x_refsource_REDHAT)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292 (x_refsource_CONFIRM)
105548 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-8292?: CVE-2018-8292 is a vulnerability in Microsoft .Net Core. Published 2018-10-10.
Is CVE-2018-8292 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.