CVE-2023-49273

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-49273
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
History

15 Dec 2023, 18:30

Type Values Removed Values Added
First Time Umbraco
Umbraco umbraco Cms
CPE cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
References () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8 - () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8 - Vendor Advisory
Summary
  • (es) Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. A partir de la versión 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.4, los usuarios con privilegios bajos (Editor, etc.) pueden acceder a algunos endpoints no deseados. Las versiones 8.18.10, 10.8.1 y 12.3.4 contienen un parche para este problema.

12 Dec 2023, 20:20

Type Values Removed Values Added
Summary (en) Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue. (en) Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

12 Dec 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-12 19:15

Updated : 2023-12-15 18:30

NVD link : CVE-2023-49273

Mitre link : CVE-2023-49273

CVE.ORG link : CVE-2023-49273

JSON object : View

Products Affected

umbraco

  • umbraco_cms
CWE
CWE-863

Incorrect Authorization