Red Hat Enterprise Linux 8 update for .NET Core 3.1

1) Authorization bypass through user-controlled key

EUVDB-ID: #VU66815

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0613

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to missing access checks. A remote attacker can manipulate values in the request to gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.6

dotnet3.1 (Red Hat package): 3.1.417-1.el8_5

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for x86_64: 8.0

External links

http://access.redhat.com/errata/RHBA-2022:1386

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.