GitHub_MCVELIST:CVE-2023-49274CVE-2023-49274 Umbraco CMS SMTP misconfiguration exposes potential registered user email
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
CNA Affected
[
{
"vendor": "umbraco",
"product": "Umbraco-CMS",
"versions": [
{
"version": ">= 8.0.0, < 8.18.10",
"status": "affected"
},
{
"version": ">= 9.0.0-rc001, < 10.8.1",
"status": "affected"
},
{
"version": ">= 11.0.0-rc1, < 12.3.4",
"status": "affected"
}
]
}
]Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%