Home > Vulnerability Database > CVE-2022-34716

Mend.io Vulnerability Database

CVE-2022-34716

Good to know:

Date: August 9, 2022

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ## Affected software * Any .NET 6.0 application running on .NET 6.0.7 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier. ## Patches * If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.

Language: C#

Severity Score

5.9

Related Resources (8)

Url: https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

Url: https://github.com/dotnet/aspnetcore/issues/43166

Url: https://github.com/dotnet/announcements/issues/232

Url: https://access.redhat.com/security/cve/CVE-2022-34716

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-34716

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

Url: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

Url: https://www.mend.io/vulnerability-database/CVE-2022-34716

Severity Score

5.9

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version system.security.cryptography.xml - 4.7.1;system.security.cryptography.xml - 6.0.1;microsoft.aspnetcore.app.runtime.win-x64 - 3.1.28;microsoft.aspnetcore.app.runtime.win-x64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-x64 - 3.1.28;microsoft.aspnetcore.app.runtime.linux-x64 - 6.0.8;microsoft.aspnetcore.app.runtime.win-x86 - 3.1.28;microsoft.aspnetcore.app.runtime.win-x86 - 6.0.8;microsoft.aspnetcore.app.runtime.osx-x64 - 3.1.28;microsoft.aspnetcore.app.runtime.osx-x64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-musl-x64 - 3.1.28;microsoft.aspnetcore.app.runtime.linux-musl-x64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-arm64 - 3.1.28;microsoft.aspnetcore.app.runtime.linux-arm64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-arm - 3.1.28;microsoft.aspnetcore.app.runtime.linux-arm - 6.0.8;microsoft.aspnetcore.app.runtime.win-arm64 - 3.1.28;microsoft.aspnetcore.app.runtime.win-arm64 - 6.0.8;microsoft.aspnetcore.app.runtime.win-arm - 3.1.28;microsoft.aspnetcore.app.runtime.win-arm - 6.0.8;microsoft.aspnetcore.app.runtime.osx-arm64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-musl-arm64 - 3.1.28;microsoft.aspnetcore.app.runtime.linux-musl-arm64 - 6.0.8;microsoft.aspnetcore.app.runtime.linux-musl-arm - 6.0.8

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-34716

Good to know:

Date: August 9, 2022

Language: C#

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?