| Summary: |
CVE-2023-28260 dotnet: CWD dll hijack vulnerability |
| Product: |
[Other] Security Response
|
Reporter: |
Pedro Sampaio <psampaio> |
| Component: |
vulnerability | Assignee: |
Red Hat Product Security <security-response-team> |
| Status: |
CLOSED
NOTABUG
|
QA Contact: |
|
| Severity: |
high
|
Docs Contact: |
|
| Priority: |
high
|
|
|
| Version: |
unspecified | CC: |
andrew.slice, bodavis, dbhole, jburrell, kanderso, lvaleeva, omajid, rwagner, security-response-team
|
| Target Milestone: |
--- | Keywords: |
Security |
| Target Release: |
--- | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| Whiteboard: |
|
|
Fixed In Version:
|
dotnet 6.0.16, dotnet 7.0.5
|
Doc Type:
|
If docs needed, set a value
|
|---|
|
Doc Text:
|
A vulnerability was found in dotNet. A runtime DLL may be loaded from an unexpected location, resulting in remote code execution.
|
Story Points:
|
---
|
|---|
|
Clone Of:
|
|
Environment:
|
|
|---|
|
Last Closed:
|
2023-04-14 19:36:29 UTC
|
Type:
|
---
|
|---|
|
Regression:
|
---
|
Mount Type:
|
---
|
|---|
|
Documentation:
|
---
|
CRM:
|
|
|---|
|
Verified Versions:
|
|
Category:
|
---
|
|---|
|
oVirt Team:
|
---
|
RHEL 7.3 requirements from Atomic Host:
|
|
|---|
|
Cloudforms Team:
|
---
|
Target Upstream Version:
|
|
|---|
|
Embargoed:
|
|
| |
|---|
| Bug Depends On: |
2185493, 2185494, 2185495, 2185496, 2185497
|
|
|
| Bug Blocks: |
2185017
|
|
|
AzureDevOps Elevation of Privilege - Dotnet CWD dll hijack vuln Affected versions: .NET 6.0 .NET 7.0 Affected packages: Microsoft.NetCore.App.Runtime.* (System.Private.CoreLib) Affected versions: >=6.0.0, <= 6.0.15 >=7.0.0, <= 7.0.4 Patched versions: 6.0.16 7.0.5