{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36558", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-23T20:11:38.789Z", "datePublished": "2023-11-14T21:35:31.499Z", "dateUpdated": "2024-08-02T16:52:52.402Z"}, "containers": {"cna": {"title": "ASP.NET Core - Security Feature Bypass Vulnerability", "datePublic": "2023-11-14T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": ".NET 6.0", "cpes": ["cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "6.0.0", "lessThan": "6.0.25", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 6.0", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "6.0", "lessThan": "6.0.25", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 7.0", "cpes": ["cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.0.0", "lessThan": "7.0.14", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.2", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.2.0", "lessThan": "17.2.22", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "cpes": ["cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "8.0.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.4.0", "lessThan": "17.4.14", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.6.0", "lessThan": "17.6.10", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.7", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.7.0", "lessThan": "17.7.7", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 7.0", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.0.0", "lessThan": "7.0.14", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 8.0", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "8.0.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "ASP.NET Core - Security Feature Bypass Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Security Feature Bypass", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T01:21:10.813Z"}, "references": [{"name": "ASP.NET Core - Security Feature Bypass Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T14:17:29.323763Z", "id": "CVE-2023-36558", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:17:40.113Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:52.402Z"}, "title": "CVE Program Container", "references": [{"name": "ASP.NET Core - Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", "name": "ASP.NET Core - Security Feature Bypass Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:52.402Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36558", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-28T14:17:29.323763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:17:33.780Z"}}], "cna": {"title": "ASP.NET Core - Security Feature Bypass Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 6.0", "versions": [{"status": "affected", "version": "6.0.0", "lessThan": "6.0.25", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "ASP.NET Core 6.0", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.0.25", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 7.0", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.0.14", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.2", "versions": [{"status": "affected", "version": "17.2.0", "lessThan": "17.2.22", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "8.0.0", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "versions": [{"status": "affected", "version": "17.4.0", "lessThan": "17.4.14", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "versions": [{"status": "affected", "version": "17.6.0", "lessThan": "17.6.10", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.7", "versions": [{"status": "affected", "version": "17.7.0", "lessThan": "17.7.7", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "ASP.NET Core 7.0", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.0.14", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "ASP.NET Core 8.0", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "8.0.0", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2023-11-14T08:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", "name": "ASP.NET Core - Security Feature Bypass Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "ASP.NET Core - Security Feature Bypass Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "Impact", "description": "Security Feature Bypass"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T01:21:10.813Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36558", "state": "PUBLISHED", "dateUpdated": "2024-08-02T16:52:52.402Z", "dateReserved": "2023-06-23T20:11:38.789Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2023-11-14T21:35:31.499Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094", "versionEndExcluding": "6.0.25", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "73A23066-A84B-4E76-B0ED-63BA1A9C1263", "versionEndExcluding": "7.0.14", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "C29B573F-A45D-440B-913F-27AB0A46BCA2", "versionEndExcluding": "6.0.25", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "E923109F-46CA-4581-933D-D65C83D72390", "versionEndExcluding": "7.0.14", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "81F3914E-4A24-4434-8487-31F45948BE86", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EABB880-0CBA-45CD-A197-CB1EE1710061", "versionEndExcluding": "17.2.22", "versionStartIncluding": "17.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC513DB-075E-4D09-B289-902F3C16BFB7", "versionEndExcluding": "17.4.14", "versionStartIncluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "56738F2F-8802-4ADB-AC7C-9BAD67626C75", "versionEndExcluding": "17.6.10", "versionStartIncluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D", "versionEndExcluding": "17.7.7", "versionStartIncluding": "17.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ASP.NET Core - Security Feature Bypass Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de funciones de seguridad en ASP.NET Core"}], "id": "CVE-2023-36558", "lastModified": "2023-11-21T20:01:19.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2023-11-14T22:15:29.323", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7259", "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7", "package": "rh-dotnet60-dotnet-0:6.0.125-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7254", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet8.0-0:8.0.100-2.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7256", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet7.0-0:7.0.114-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7258", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet6.0-0:6.0.125-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7253", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet8.0-0:8.0.100-2.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7255", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet7.0-0:7.0.114-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:7257", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet6.0-0:6.0.125-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-15T00:00:00Z"}], "bugzilla": {"description": "dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms", "id": "2247750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247750"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "details": ["ASP.NET Core - Security Feature Bypass Vulnerability", "A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-36558", "public_date": "2023-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-36558\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36558"], "threat_severity": "Moderate"}