6 matches found
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload through a manipulated API request. An attacker can upload unauthorized files by crafting a request that bypasses the configured file extension checks. Remediation Upgrade Umbraco.Cms.Core to version 15.4.2,...
Observable Response Discrepancy
Overview Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation Upgrade Umbraco.Cms.Core to version 10.8.10...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure which allows an attacker to determine the existence of user accounts by analyzing the response times and codes. Remediation Upgrade Umbraco.Cms.Core to version 14.3.2, 15.1.2 or higher. References - GitHub Commit -...
URL Redirection to Untrusted Site ('Open Redirect')
Overview Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' in the endpoint of the library. An attacker can redirect users to malicious sites by exploiting the open redirect vulnerability. Remediation Upgrade Umbraco.Cms.Core to version 8.18.14,...
Information Exposure
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Information Exposure due to the logging of failing webhooks when the solution is not in debug mode. An attacker can obtain critical information that should not be accessible externally by exploiting th...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' due to insufficient validation of user-supplied input in the package creation functionality. An attacker with permission to...