Lucene search
GoogleOSV:GHSA-552F-97WF-PMPQHistoryMar 20, 2024 - 5:54 p.m.
Umbraco possible user enumeration
2024-03-2017:54:35
Google
osv.dev
10
user enumeration
umbraco
version 10
native login
security issue
patch
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.0%
Impact
A user enumeration attack is possible.
Affected versions
Umbraco 10 with access to the native login screen
Patches
This is fixed in 10.8.5
Workarounds
Disabling the native login screen, by exclusively use external logins.
Related
osv
osv
CVE-2024-28868
2024-03-20 20:15:09
nvd
nvd
CVE-2024-28868
2024-03-20 20:15:09
veracode
veracode
Username Enumeration
2024-03-22 12:24:01
cvelist
cvelist
CVE-2024-28868 Umbraco possible user enumeration vulnerability
2024-03-20 20:07:42
vulnrichment
vulnrichment
CVE-2024-28868 Umbraco possible user enumeration vulnerability
2024-03-20 20:07:42
cve
cve
CVE-2024-28868
2024-03-20 20:15:09
github
github
Umbraco possible user enumeration
2024-03-20 17:54:35
CVSS3
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.0%
Related for OSV:GHSA-552F-97WF-PMPQ