Lucene search
GitHub Advisory DatabaseGHSA-552F-97WF-PMPQHistoryMar 20, 2024 - 5:54 p.m.
Umbraco possible user enumeration
2024-03-2017:54:35
CWE-204
GitHub Advisory Database
github.com
10
umbraco
user enumeration
security issue
version 10
login screen
patch
workaround
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
9.0%
Impact
A user enumeration attack is possible.
Affected versions
Umbraco 10 with access to the native login screen
Patches
This is fixed in 10.8.5
Workarounds
Disabling the native login screen, by exclusively use external logins.
Affected configurations
Node
umbracocmsRange<10.8.5
Related
osv
osv
CVE-2024-28868
2024-03-20 20:15:09
Umbraco possible user enumeration
2024-03-20 17:54:35
nvd
nvd
CVE-2024-28868
2024-03-20 20:15:09
veracode
veracode
Username Enumeration
2024-03-22 12:24:01
cve
cve
CVE-2024-28868
2024-03-20 20:15:09
cvelist
cvelist
CVE-2024-28868 Umbraco possible user enumeration vulnerability
2024-03-20 20:07:42
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
9.0%
Related for GHSA-552F-97WF-PMPQ