CVE-2024-48925 Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to th...

CVE-2024-48925

Umbraco CMS vulnerability CVE-2024-48925 affects versions 14.0.0–14.3.0. Affected components expose the webhook API due to improper access control, allowing low-privilege users to retrieve information restricted to settings-users. Version 14.3.0 contains the patch; remediation is to upgrade to 14...

Umbraco CMS 安全漏洞

Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version 14.0.0 up to and including version 14.3.0, which stems from an improper access control issue that allows a low-privileged user to access the webhook API and retrieve informatio...

PT-2024-33273 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.2.x Description: The issue is related to improper access control, allowing low-privilege users to access the webhook API and retrieve restricted information. This affects the settings section, where access...