Lucene search

[email protected]NVD:CVE-2023-37267

HistoryJul 13, 2023 - 2:15 p.m.

CVE-2023-37267

2023-07-1314:15:09

CWE-284

[email protected]

web.nvd.nist.gov

umbraco

asp.net

cms

vulnerability

patched

versions

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.0%

JSON

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

Affected configurations

Nvd

Node

umbracoumbraco_cmsRange10.0.0–10.6.1

umbracoumbraco_cmsRange11.0.0–11.4.2

umbracoumbraco_cmsRange12.0.0–12.0.1

VendorProductVersionCPE
umbracoumbraco_cms*cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
umbraco	umbraco_cms	*	cpe:2.3:a:umbraco:umbraco_cms::::::::

References

github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e

github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569

github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed

github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.0%

JSON

Related for NVD:CVE-2023-37267

prion1 cvelist1 veracode1 osv2 cve1 github1