Lucene search

GoogleOSV:CVE-2023-49278

HistoryDec 12, 2023 - 8:15 p.m.

CVE-2023-49278

2023-12-1220:15:08

Google

osv.dev

umbraco cms

brute force

security exploit

username collection

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

CPENameOperatorVersion
umbraco-cmseqrelease-7.15.4
umbraco-cmseqrelease-8.1.2
umbraco-cmseqrelease-8.10.3
umbraco-cmseqrelease-8.18.4
umbraco-cmseqrelease-8.7.2
umbraco-cmseqrelease-8.18.2
umbraco-cmseqrelease-8.6.1
umbraco-cmseqrelease-8.8
umbraco-cmseqrelease-8.6.4
umbraco-cmseqrelease-8.16.0

Name	Operator	Version
umbraco-cms	eq	release-7.15.4
umbraco-cms	eq	release-8.1.2
umbraco-cms	eq	release-8.10.3
umbraco-cms	eq	release-8.18.4
umbraco-cms	eq	release-8.7.2
umbraco-cms	eq	release-8.18.2
umbraco-cms	eq	release-8.6.1
umbraco-cms	eq	release-8.8
umbraco-cms	eq	release-8.6.4
umbraco-cms	eq	release-8.16.0

Rows per page:

1-10 of 1071

References

github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2023-49278