Back to bug 2221854
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-07-11 05:28:19 UTC | CC | security-response-team | |
| TEJ RATHI | 2023-07-11 05:30:37 UTC | CC | andrew.slice, bodavis, dbhole, kanderso, lvaleeva, omajid, rwagner | |
| TEJ RATHI | 2023-07-11 05:34:16 UTC | Blocks | 2221855 | |
| TEJ RATHI | 2023-07-11 16:42:51 UTC | Summary | EMBARGOED CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method | CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method |
| Group | security, qe_staff | |||
| Deadline | 2023-07-11 | |||
| TEJ RATHI | 2023-07-11 17:45:18 UTC | Depends On | 2222069, 2222062, 2222067, 2222064, 2222065, 2222068, 2222060, 2222063, 2222059, 2222066, 2222061 | |
| TEJ RATHI | 2023-07-11 18:02:05 UTC | Depends On | 2222072, 2222071 | |
| TEJ RATHI | 2023-07-12 06:16:47 UTC | Doc Text | A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. A remote attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality, integrity and Availability. | |
| TEJ RATHI | 2023-07-12 06:20:08 UTC | Fixed In Version | dotnet 6.0.20, dotnet 7.0.9 | |
| RaTasha Tillery-Smith | 2023-07-12 14:11:35 UTC | Doc Text | A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. A remote attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality, integrity and Availability. | A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability. |
| errata-xmlrpc | 2023-07-13 08:37:20 UTC | Link ID | Red Hat Product Errata RHSA-2023:4058 | |
| errata-xmlrpc | 2023-07-13 08:37:28 UTC | Link ID | Red Hat Product Errata RHSA-2023:4059 | |
| errata-xmlrpc | 2023-07-13 08:38:52 UTC | Link ID | Red Hat Product Errata RHSA-2023:4057 | |
| errata-xmlrpc | 2023-07-13 08:41:52 UTC | Link ID | Red Hat Product Errata RHSA-2023:4061 | |
| errata-xmlrpc | 2023-07-13 08:46:36 UTC | Link ID | Red Hat Product Errata RHSA-2023:4060 | |
| Product Security DevOps Team | 2023-07-13 13:41:44 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-07-13 13:41:44 UTC | |||
| errata-xmlrpc | 2023-08-03 07:53:57 UTC | Link ID | Red Hat Product Errata RHSA-2023:4449 | |
| errata-xmlrpc | 2023-08-03 07:54:56 UTC | Link ID | Red Hat Product Errata RHSA-2023:4448 |
Back to bug 2221854