Bug 2115183 (CVE-2022-34716) - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification
Summary: CVE-2022-34716 dotnet: External Entity Injection during XML signature verific...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-34716
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2115185 2115186 2115187 2115188 2115189 2115190 2115191 2115192 2116985 2116986 2116987
Blocks: 2115027
TreeView+ depends on / blocked
 
Reported: 2022-08-04 04:51 UTC by Avinash Hanwate
Modified: 2022-09-01 14:25 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.
Clone Of:
Environment:
Last Closed: 2022-09-01 14:25:37 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6037 0 None None None 2022-08-10 10:15:43 UTC
Red Hat Product Errata RHSA-2022:6038 0 None None None 2022-08-10 10:17:05 UTC
Red Hat Product Errata RHSA-2022:6043 0 None None None 2022-08-10 13:56:35 UTC
Red Hat Product Errata RHSA-2022:6057 0 None None None 2022-08-15 08:05:53 UTC
Red Hat Product Errata RHSA-2022:6058 0 None None None 2022-08-15 08:49:50 UTC

Description Avinash Hanwate 2022-08-04 04:51:40 UTC 
External Entity Injection during XML signature verification.
Comment 2 Sandipan Roy 2022-08-09 16:54:14 UTC 
https://github.com/dotnet/announcements/issues/232
Comment 3 Sandipan Roy 2022-08-09 16:54:48 UTC 
Created dotnet3.1 tracking bugs for this issue:

Affects: fedora-all [bug 2116985]


Created dotnet5.0 tracking bugs for this issue:

Affects: fedora-all [bug 2116986]


Created dotnet6.0 tracking bugs for this issue:

Affects: fedora-all [bug 2116987]
Comment 4 errata-xmlrpc 2022-08-10 10:15:40 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2022:6037 https://access.redhat.com/errata/RHSA-2022:6037
Comment 5 errata-xmlrpc 2022-08-10 10:17:02 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2022:6038 https://access.redhat.com/errata/RHSA-2022:6038
Comment 6 errata-xmlrpc 2022-08-10 13:56:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6043 https://access.redhat.com/errata/RHSA-2022:6043
Comment 7 errata-xmlrpc 2022-08-15 08:05:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6057 https://access.redhat.com/errata/RHSA-2022:6057
Comment 8 errata-xmlrpc 2022-08-15 08:49:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6058 https://access.redhat.com/errata/RHSA-2022:6058
Comment 9 Product Security DevOps Team 2022-09-01 14:25:34 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-34716
Note You need to log in before you can comment on or make changes to this bug.