CVE-2018-0787: Weak Password Recovery Mechanism for Forgotten Password

October 16, 2018 (updated August 31, 2021)

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka “ASP.NET Core Elevation Of Privilege Vulnerability”.

References

github.com/advisories/GHSA-365p-96qv-xr7g
github.com/aspnet/Announcements/issues/295
nvd.nist.gov/vuln/detail/CVE-2018-0787

Code Behaviors & Features

Detect and mitigate CVE-2018-0787 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →