Lucene search

PRIOn knowledge basePRION:CVE-2023-49274

HistoryDec 12, 2023 - 8:15 p.m.

Default credentials

2023-12-1220:15:00

PRIOn knowledge base

www.prio-n.com

default credentials

umbraco cms

user enumeration

smtp

reset password

vulnerability

security patch

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

CPENameOperatorVersion
umbraco_cmsge12.0.0
umbraco_cmslt12.3.4
umbraco_cmsge10.0.0
umbraco_cmslt10.8.1
umbraco_cmsge8.0.0
umbraco_cmslt8.18.10

Name	Operator	Version
umbraco_cms	ge	12.0.0
umbraco_cms	lt	12.3.4
umbraco_cms	ge	10.0.0
umbraco_cms	lt	10.8.1
umbraco_cms	ge	8.0.0
umbraco_cms	lt	8.18.10

References

github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c