CVE-2018-8292: .NET Core Information Disclosure Vulnerability
Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core when HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.
The update addresses the vulnerability by correcting how .NET Core applications handles HTTP redirects.
Getting the Update
The latest .NET Core updates are available on the .NET Core download page.
Today’s releases are listed as follows:
.NET Docker images have been updated for today’s release. The following repos have been updated.
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.
Azure App Services deployment
Deployment to Azure App Services has begun and the West Central US region will be live this morning. Remaining regions will be updated over the next few days and deployment is expected to be complete by end of week.
Previous .NET Core Updates
The last few .NET Core updates follow: