CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
8.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
microsoft.net
6.0.0 ≤
𝑥
< 6.0.20
microsoft.net
7.0.0 ≤
𝑥
< 7.0.9
microsoftvisual_studio_2022
17.0 ≤
𝑥
< 17.0.23
microsoftvisual_studio_2022
17.2.0 ≤
𝑥
< 17.2.17
microsoftvisual_studio_2022
17.4.0 ≤
𝑥
< 17.4.9
microsoftvisual_studio_2022
17.6.0 ≤
𝑥
< 17.6.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotnet6
lunar
Fixed 6.0.120-0ubuntu1~23.04.1
released
kinetic
Fixed 6.0.120-0ubuntu1~22.10.1
released
jammy
Fixed 6.0.120-0ubuntu1~22.04.1
released
focal
dne
bionic
dne
xenial
dne
trusty
dne
dotnet7
lunar
Fixed 7.0.109-0ubuntu1~23.04.1
released
kinetic
Fixed 7.0.109-0ubuntu1~22.10.1
released
jammy
Fixed 7.0.109-0ubuntu1~22.04.1
released
focal
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170