CVE-2023-49273

2023-12-1219:15:08

CWE-863

[email protected]

web.nvd.nist.gov

umbraco

cms

asp.net

content management system

cve-2023-49273

security vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

Affected configurations

Vulners

NVD

Node

umbracoumbraco_cmsRange8.0.0–8.18.10

umbracoumbraco_cmsRange9.0.0-rc001–10.8.1

umbracoumbraco_cmsRange11.0.0-rc1–12.3.4

VendorProductVersionCPE
umbracoumbraco_cms*cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
umbracoumbraco_cms*cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
umbracoumbraco_cms*cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
umbraco	umbraco_cms	*	cpe:2.3:a:umbraco:umbraco_cms::::::::
umbraco	umbraco_cms	*	cpe:2.3:a:umbraco:umbraco_cms::::::::
umbraco	umbraco_cms	*	cpe:2.3:a:umbraco:umbraco_cms::::::::

CNA Affected

[
  {
    "vendor": "umbraco",
    "product": "Umbraco-CMS",
    "versions": [
      {
        "version": ">= 8.0.0, < 8.18.10",
        "status": "affected"
      },
      {
        "version": ">= 9.0.0-rc001, < 10.8.1",
        "status": "affected"
      },
      {
        "version": ">= 11.0.0-rc1, < 12.3.4",
        "status": "affected"
      }
    ]
  }
]