Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
References
Link | Resource |
---|---|
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4gp9-ff99-j6vj | Vendor Advisory |
Configurations
History
25 Oct 2024, 14:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4gp9-ff99-j6vj - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Umbraco umbraco Cms
Umbraco |
|
CPE | cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:* |
23 Oct 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-22 16:15
Updated : 2024-10-25 14:12
NVD link : CVE-2024-48925
Mitre link : CVE-2024-48925
CVE.ORG link : CVE-2024-48925
JSON object : View
Products Affected
umbraco
- umbraco_cms