VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rcjn-7ufv-aaag

Essentials
Severities (115)
References (39)
Severity details (40)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-rcjn-7ufv-aaag
Aliases	CVE-2020-1045 GHSA-hxrm-9w7p-39cc
Summary	Improper Input Validation A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-807	Reliance on Untrusted Inputs in a Security Decision

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3697
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2020:3699
rhas	Important	https://access.redhat.com/errata/RHSA-2020:3699
ssvc	Track	https://access.redhat.com/errata/RHSA-2020:3699
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.00370	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13529	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13529	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13529	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13529	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.13779	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.17328	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
epss	0.53719	https://api.first.org/data/v1/epss?cve=CVE-2020-1045
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1873451
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-hxrm-9w7p-39cc
cvssv3.1	7.5	https://github.com/dotnet/announcements/issues/165
generic_textual	HIGH	https://github.com/dotnet/announcements/issues/165
cvssv3.1	7.5	https://github.com/dotnet/aspnetcore/issues/25701
generic_textual	HIGH	https://github.com/dotnet/aspnetcore/issues/25701
cvssv3.1	7.5	https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
generic_textual	HIGH	https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
cvssv3.1	7.5	https://github.com/dotnet/aspnetcore/pull/24264
generic_textual	HIGH	https://github.com/dotnet/aspnetcore/pull/24264
cvssv3.1	7.5	https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
cvssv3.1	7.5	https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
generic_textual	HIGH	https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
ssvc	Track	https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
cvssv3.1	7.5	https://github.com/github/advisory-database/issues/302
generic_textual	HIGH	https://github.com/github/advisory-database/issues/302
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2020-1045
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-1045
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
generic_textual	HIGH	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
ssvc	Track	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
cvssv3.1	7.5	https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
cvssv3.1	7.5	https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
generic_textual	HIGH	https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
ssvc	Track	https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-1045
		https://github.com/dotnet/announcements/issues/165
		https://github.com/dotnet/aspnetcore/issues/25701
		https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
		https://github.com/dotnet/aspnetcore/pull/24264
		https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
		https://github.com/github/advisory-database/issues/302
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
		https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
1873451		https://bugzilla.redhat.com/show_bug.cgi?id=1873451
cpe:2.3:a:microsoft:asp.net_core::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core::::::::
cpe:2.3:a:microsoft:asp.net_core:2.1:::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1:::::::
cpe:2.3:a:microsoft:asp.net_core:2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1:::::::*
cpe:2.3:a:microsoft:asp.net_core:3.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:3.1:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:fedoraproject:fedora:33:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::*
CVE-2020-1045		https://nvd.nist.gov/vuln/detail/CVE-2020-1045
GHSA-hxrm-9w7p-39cc		https://github.com/advisories/GHSA-hxrm-9w7p-39cc
RHSA-2020:3697		https://access.redhat.com/errata/RHSA-2020:3697
RHSA-2020:3699		https://access.redhat.com/errata/RHSA-2020:3699

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Found at https://access.redhat.com/errata/RHSA-2020:3699

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/ Found at https://access.redhat.com/errata/RHSA-2020:3699

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/announcements/issues/165

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/aspnetcore/issues/25701

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/aspnetcore/pull/24264

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Found at https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/ Found at https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/github/advisory-database/issues/302

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1045

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1045

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/ Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Found at https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/ Found at https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600

Exploit Prediction Scoring System (EPSS)

Percentile	0.49614
EPSS Score	0.00137
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-1045
		https://github.com/dotnet/announcements/issues/165
		https://github.com/dotnet/aspnetcore/issues/25701
		https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
		https://github.com/dotnet/aspnetcore/pull/24264
		https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
		https://github.com/github/advisory-database/issues/302
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
		https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
1873451		https://bugzilla.redhat.com/show_bug.cgi?id=1873451
cpe:2.3:a:microsoft:asp.net_core::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core::::::::
cpe:2.3:a:microsoft:asp.net_core:2.1:::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1:::::::
cpe:2.3:a:microsoft:asp.net_core:2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1:::::::*
cpe:2.3:a:microsoft:asp.net_core:3.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:3.1:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:fedoraproject:fedora:33:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.6:::::::*
CVE-2020-1045		https://nvd.nist.gov/vuln/detail/CVE-2020-1045
GHSA-hxrm-9w7p-39cc		https://github.com/advisories/GHSA-hxrm-9w7p-39cc
RHSA-2020:3697		https://access.redhat.com/errata/RHSA-2020:3697
RHSA-2020:3699		https://access.redhat.com/errata/RHSA-2020:3699