Lucene search
+L

7 matches found

veracode
veracode
added 2025/08/13 12:11 p.m.5 views

Improper Access Control

umbraco.cms.api.delivery is vulnerable to improper access control. The vulnerability is due to output caching not varying by the API key authorization header, which allows an attacker to access cached API responses without a valid key if they were previously requested by an authorized user...

5.3CVSS7AI score0.00329EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2025/07/30 1:41 p.m.41 views

CVE-2025-54425 Umbraco's Delivery API allows for cached requests to be returned with an invalid API key

Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such...

5.3CVSS0.00329EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/07/30 1:41 p.m.7 views

CVE-2025-54425 Umbraco's Delivery API allows for cached requests to be returned with an invalid API key

Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such...

5.3CVSS6.9AI score0.00329EPSS
Exploits0References5
cve
cve
added 2025/07/30 1:41 p.m.43 views

CVE-2025-54425

CVE-2025-54425 affects Umbraco’s Delivery API. When public access is restricted by an API key header and output caching is enabled, the cache does not vary by the API key header, potentially returning cached responses to users without a valid API key if a prior request with a valid key occurred. ...

5.3CVSS6.3AI score0.00329EPSS
Exploits0References5Affected Software1
snyk
snyk
added 2025/07/29 7:10 p.m.8 views

Missing Authorization

Overview Umbraco.Cms.Api.Delivery is a presentation layer for the Umbraco CMS Delivery API. Affected versions of this package are vulnerable to Missing Authorization in IOutputCachePolicy.CacheRequestAsync. An attacker can access sensitive information by sending requests without a valid API key a...

5.3CVSS6.7AI score0.00329EPSS
Exploits0References2
github
github
added 2025/07/29 7:10 p.m.20 views

Umbraco Delivery API allows for cached requests to be returned with an invalid API key

Impact Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...

5.3CVSS7AI score0.00329EPSS
Exploits0References7Affected Software1
osv
osv
added 2025/07/29 7:10 p.m.8 views

GHSA-75VQ-QVHR-7FFR Umbraco Delivery API allows for cached requests to be returned with an invalid API key

Impact Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...

5.3CVSS7AI score0.00329EPSS
Exploits0References7
Rows per page
Query Builder