Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg,/home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg
Vulnerabilities
CVE
Severity
CVSS
Exploit Maturity
EPSS
Dependency
Type
Fixed in (microsoft.aspnet.identity.owin.2.2.2.nupkg version)
Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg,/home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg
Vulnerable Library - microsoft.aspnet.identity.owin.2.2.2.nupkg
Owin implementation for ASP.NET Identity.
Library home page: https://api.nuget.org/packages/microsoft.aspnet.identity.owin.2.2.2.nupkg
Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg,/home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-33170
### Vulnerable Library - microsoft.aspnet.identity.owin.2.2.2.nupkgOwin implementation for ASP.NET Identity.
Library home page: https://api.nuget.org/packages/microsoft.aspnet.identity.owin.2.2.2.nupkg
Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg,/home/wss-scanner/.nuget/packages/microsoft.aspnet.identity.owin/2.2.2/microsoft.aspnet.identity.owin.2.2.2.nupkg
Dependency Hierarchy: - :x: **microsoft.aspnet.identity.owin.2.2.2.nupkg** (Vulnerable Library)
Found in base branch: v8/contrib
### Vulnerability DetailsASP.NET and Visual Studio Security Feature Bypass Vulnerability
Publish Date: 2023-07-11
URL: CVE-2023-33170
### Threat AssessmentExploit Maturity: Proof of concept
EPSS: 0.2%
### CVSS 4 Score Details (8.2)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
For more information on CVSS4 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-25c8-p796-jg6r
Release Date: 2023-07-11
Fix Resolution: Microsoft.AspNet.Identity.Owin - 2.2.4;Microsoft.AspNetCore.App.Runtime - 6.0.20,7.0.9;Microsoft.AspNetCore.Identity - 2.1.39
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules