GHSA-552f-97wf-pmpq

Опубликовано: 20 мар. 2024

Источник: github

Github: Прошло ревью

CVSS3: 3.7

Описание

Umbraco possible user enumeration

Impact

A user enumeration attack is possible.

Affected versions

Umbraco 10 with access to the native login screen

Patches

This is fixed in 10.8.5

Workarounds

Disabling the native login screen, by exclusively use external logins.

Ссылки

Пакеты

Наименование

UmbracoCMS

nuget

Затронутые версииВерсия исправления

>= 10.0.0, < 10.8.5

10.8.5

EPSS

Процентиль: 45%

0.00229

Низкий

3.7 Low

CVSS3

CVE ID

CVE-2024-28868

Дефекты

CWE-203

CWE-204

Связанные уязвимости

CVE-2024-28868

CVSS3: 3.7

nvd

почти 2 года назад

Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.

EPSS

Процентиль: 45%

0.00229

Низкий

3.7 Low

CVSS3

CVE ID

CVE-2024-28868

Дефекты

CWE-203

CWE-204