CVE-2021-43877

State: PUBLISHED · Published: 2021-12-15 · Updated: 2024-08-04 · Assigner: microsoft

Description

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CWE

Affected

Microsoft / Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) — v=16.0.0 <16.7.23 [affected]
Microsoft / Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) — v=15.0.0 <16.9.15 [affected]
Microsoft / Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) — v=16.11.0 <16.11.8 [affected]
Microsoft / Microsoft Visual Studio 2022 version 17.0 — v=17.0.0 <17.0.3 [affected]
Microsoft / ASP.NET Core 3.1 — v=3.0 <3.1.22 [affected]
Microsoft / ASP.NET Core 5.0 — v=5.0 <5.0.13 [affected]
Microsoft / ASP.NET Core 6.0 — v=6.0 <6.0.101 [affected]
Microsoft / Microsoft Visual Studio 2022 version 17.1 — v=17.0.0 <17.1.4 [affected]

CVSS

3.1 score=8.8 severity=HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

References

Source

cvelistV5-main/cves/2021/43xxx/CVE-2021-43877.json