Bugzilla – Bug 1111316
VUL-0: CVE-2018-8292: mono-core: information disclosure due to authentication information exposed in a redirect
Last modified: 2018-11-01 22:44:48 UTC
A flaw was found in .NET Core. An information disclosure vulnerability in a redirect when authentication information has been added manually to an Authorization header. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.
System.Net.Http is also in mono-core. I have a hard time assessing if we're affected by this based on the available information. Do you have more knowledge of this package?
mdeslaur> fix in 1.1.10 is:
mdeslaur> this code doesn't look like it's present in the mono package
Checked with the Mono team. The issue should not affect us.
Closing bug as INVALID.