CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
55.0%
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
Vendor | Product | Version | CPE |
---|---|---|---|
umbraco | umbraco_cms | * | cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:* |
[
{
"vendor": "umbraco",
"product": "Umbraco-CMS",
"versions": [
{
"version": ">= 9.0.0, < 10.6.1",
"status": "affected"
},
{
"version": ">= 11.0.0, < 11.4.2",
"status": "affected"
},
{
"version": "= 12.0.0",
"status": "affected"
}
]
}
]
github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e
github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569
github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed
github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m