CVE-2024-28868
Published 2024-03-20
Priority: P428 | medium | 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.45% (36.0th percentile)
Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 10.0.0 < 10.8.5 | 10.8.5 |
GHSA
Umbraco possible user enumeration
ghsa·2024-03-20
CVE-2024-28868 [LOW] CWE-203 Umbraco possible user enumeration
### Impact
A user enumeration attack is possible.
### Affected versions
Umbraco 10 with access to the native login screen
### Patches
This is fixed in 10.8.5
### Workarounds
Disable the native login screen by exclusively using external logins.
OSV
Umbraco possible user enumeration
osv·2024-03-20
CVE-2024-28868 [LOW] Umbraco possible user enumeration
### Impact
A user enumeration attack is possible.
### Affected versions
Umbraco 10 with access to the native login screen
### Patches
This is fixed in 10.8.5
### Workarounds
Disable the native login screen by exclusively using external logins.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq
Published: 2024-03-20