Описание
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Impact
An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section
Пакеты
Наименование
Umbraco.CMS
nuget
Затронутые версииВерсия исправления
>= 14.0.0, < 14.3.0
14.3.0
Связанные уязвимости
nvd
больше 1 года назад
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.