Published: 20 Aug 2024
Source: github
GitHub: Reviewed
CVSS4: 6.3
CVSS3: 5.4
Description
Umbraco CMS Improper Access Control vulnerability
Impact
An authenticated user can access a few unintended endpoints.
Explanation of the vulnerability
A few endpoints in the Umbraco Management API were not protected by a specific section; they only required the caller to be authenticated. Because a member is also just an authenticated user, it was possible to get information from these endpoints using a member token.
Packages
Name: Umbraco.Cms (nuget)
Affected versions: >= 14.0.0, < 14.1.2
Fixed version: 14.1.2
Related vulnerabilities
CVSS3: 5.4
nvd
more than 1 year ago
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.