Lucene search

[email protected]NVD:CVE-2024-43376

HistoryAug 20, 2024 - 3:15 p.m.

CVE-2024-43376

2024-08-2015:15:23

CWE-209

[email protected]

web.nvd.nist.gov

umbraco

management api

vulnerability

non-debug mode

asp.net cms

stack trace

fixed

14.1.2

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.7%

JSON

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Affected configurations

Nvd

Node

umbracoumbraco_cmsRange14.0.0–14.1.2

VendorProductVersionCPE
umbracoumbraco_cms*cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
umbraco	umbraco_cms	*	cpe:2.3:a:umbraco:umbraco_cms::::::::

References

github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004

github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-43376

cvelist1 osv2 veracode1 cve1 github1 vulnrichment1