CVE-2021-34485: 
vulnerability analysis and mitigation

CVE-2021-34485 is an information disclosure vulnerability affecting .NET Core and Visual Studio. The vulnerability was discovered and reported to Microsoft, with the initial CVE record being created on June 9, 2021, and public disclosure occurring on August 12, 2021. The affected systems include multiple versions of .NET Core (2.1.x through 3.1.x), .NET 5.0, and PowerShell Core 7.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) by NIST and 5.0 (Medium) by Microsoft. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability primarily affects confidentiality with no impact on integrity or availability (NVD).

This vulnerability allows for information disclosure, specifically related to dump file permissions. When exploited, it could potentially expose sensitive information to unauthorized users, as the dump files are created with world-readable permissions (Red Hat).

Microsoft has released security updates to address this vulnerability. The fixes are available in .NET SDK 3.1.118 and .NET Runtime 3.1.18 for affected versions. Users are advised to update to these patched versions to mitigate the vulnerability (Red Hat).