CVE-2023-33170
HIGH 8.1 | EPSS 0.24%
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Published: 7/11/2023
Modified: 5/20/2025
Description
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Affected packages (16)
- Bitnami/dotnet: >= 6.0.0, < 6.0.20; >= 7.0.0, < 7.0.9
- Bitnami/dotnet-sdk: >= 6.0.0, < 6.0.20; >= 7.0.0, < 7.0.9
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64: >= 7.0.0, < 7.0.9
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.osx-arm64: >= 7.0.0, < 7.0.9
- NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.win-arm: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.win-arm64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.win-x64: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.App.Runtime.win-x86: from 0, < 6.0.20
- NuGet/Microsoft.AspNetCore.Identity: from 0, < 2.1.39
- NuGet/Microsoft.AspNet.Identity.Owin: from 0, < 2.2.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (13)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-33170
- PATCH: https://github.com/dotnet/aspnetcore
- WEB: https://github.com/dotnet/aspnetcore/issues/49334
- WEB: https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
- WEB: https://lists.fedoraproject.org/archives/list/[email protected]/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
- WEB: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170