Lucene search
GitHub_MCVE-2023-49278HistoryDec 12, 2023 - 8:15 p.m.
CVE-2023-49278
2023-12-1220:15:08
CWE-307
CWE-200
GitHub_M
web.nvd.nist.gov
14
umbraco
cms
asp.net
nvd
cve-2023-49278
security
brute force
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
Affected configurations
Node
umbracoumbraco_cmsRange8.0.0–8.18.10
ORumbracoumbraco_cmsRange10.0.0–10.8.1
ORumbracoumbraco_cmsRange12.0.0–12.3.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| umbraco | umbraco_cms | * | cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "umbraco",
"product": "Umbraco-CMS",
"versions": [
{
"version": ">= 8.0.0, < 8.18.10",
"status": "affected"
},
{
"version": ">= 9.0.0-rc001, < 10.8.1",
"status": "affected"
},
{
"version": ">= 11.0.0-rc1, < 12.3.4",
"status": "affected"
}
]
}
]Related
prion
prion
Information disclosure
2023-12-12 20:15:00
github
github
Brute force exploit can be used to collect valid usernames
2023-12-13 13:27:06
nvd
nvd
CVE-2023-49278
2023-12-12 20:15:08
osv
osv
Brute force exploit can be used to collect valid usernames
2023-12-13 13:27:06
CVE-2023-49278
2023-12-12 20:15:08
veracode
veracode
Brute Force Of Valid Usernames
2023-12-13 12:03:36
cvelist
cvelist
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
Related for CVE-2023-49278