QID 995395
Date Published: 2023-09-25
QID 995395: DotNet (Nuget) Security Update for DotNetNuke.Core (GHSA-grw3-hjjm-5cjm)
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-grw3-hjjm-5cjm for updates and patch information.
Vendor References
- GHSA-grw3-hjjm-5cjm -
github.com/advisories/GHSA-grw3-hjjm-5cjm
CVEs related to QID 995395
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-grw3-hjjm-5cjm | DotNetNuke.Core |
|