Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2023/07/13 5:2 p.m.39 views

Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions

Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Impact An unauthorized user gaining admin-level access and permissions to the backoffice. Patches 10.6.1, 11.4.2, 12.0.1 Workarounds Enabling the Unattended Install feature will mean the...

9.8CVSS7AI score0.00596EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2023/07/13 5:2 p.m.41 views

GHSA-H8WC-R4JH-MG7M Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions

Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Impact An unauthorized user gaining admin-level access and permissions to the backoffice. Patches 10.6.1, 11.4.2, 12.0.1 Workarounds Enabling the Unattended Install feature will mean the...

7.5CVSS8.6AI score0.00596EPSS
Exploits0References6
Snyk
Snyk
added 2023/07/13 5:2 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass. Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Workaround 1 Enabling the Unattended Install feature will mean the vulnerability is not exploitable. 2...

9.8CVSS7AI score0.00596EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.8 views

PT-2023-25870 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 10.6.1 Umbraco versions prior to 11.4.2 Umbraco versions prior to 12.0.1 Description: Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions, potentially leading to...

9.8CVSS9.5AI score0.00596EPSS
Exploits0References11
Rows per page
Query Builder