2 matches found
CVE-2023-48227
Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a...
CVE-2023-48227
CVE-2023-48227 affects Umbraco CMS (Backoffice) where users with only the “send for approval” permission can publish content in certain scenarios. The root cause is an incorrect authorization check in the workflow that does not differentiate between users with publish vs. send-for-approval permis...