Описание
Blind SSRF Leads to Port Scan by using Webhooks
Impact
Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.
Affected Versions
Umbraco versions 13.0.0 - 13.1.1
Patches
13.1.1
Workarounds
Disabling webhooks functionality.
Пакеты
Наименование
Umbraco.Cms.Core
nuget
Затронутые версииВерсия исправления
>= 13.0.0, < 13.1.1
13.1.1
Наименование
Umbraco.Cms.Web.BackOffice
nuget
Затронутые версииВерсия исправления
>= 13.0.0, < 13.1.1
13.1.1
Связанные уязвимости
CVSS3: 4.1
nvd
почти 2 года назад
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.