CVE-2024-29035
published 2024-04-17CVE-2024-29035: Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This…
PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.43%
34.5th percentile
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 13.0.0 < 13.1.1 | 13.1.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Blind SSRF Leads to Port Scan by using Webhooks
osv·2024-04-17
CVE-2024-29035 [MEDIUM] Blind SSRF Leads to Port Scan by using Webhooks
Blind SSRF Leads to Port Scan by using Webhooks
### Impact
Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.
### Affected Versions
Umbraco versions 13.0.0 - 13.1.1
### Patches
13.1.1
### Workarounds
Disabling webhooks functionality.
GHSA
Blind SSRF Leads to Port Scan by using Webhooks
ghsa·2024-04-17
CVE-2024-29035 [MEDIUM] CWE-918 Blind SSRF Leads to Port Scan by using Webhooks
Blind SSRF Leads to Port Scan by using Webhooks
### Impact
Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.
### Affected Versions
Umbraco versions 13.0.0 - 13.1.1
### Patches
13.1.1
### Workarounds
Disabling webhooks functionality.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
2024-04-17
Published