CVE-2024-34071
published 2024-05-21
Priority P428 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.38% (29.3th percentile)
Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected, so the user must be signed into backoffice before the vulnerability is exposed. This vulnerability has been patched in versions 8.18.14, 10.8.6, 12.3.10 and 13.3.1.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 10.5.0 < 10.8.6 | 10.8.6 |
| umbraco | umbraco_cms | >= 12.0.0 < 12.3.10 | 12.3.10 |
| umbraco | umbraco_cms | >= 13.0.0 < 13.3.1 | 13.3.1 |
| umbraco | umbraco_cms | >= 8.18.5 < 8.18.14 | 8.18.14 |
OSV
Umbraco CMS Open Redirect Bypass Protection
osv·2024-05-21
CVE-2024-34071 [MEDIUM] Umbraco CMS Open Redirect Bypass Protection
### Impact
Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerability is exposed.
### Affected Version
>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0
### Patches
8.18.14, 10.8.6, 12.3.10, 13.3.1
GHSA
Umbraco CMS Open Redirect Bypass Protection
ghsa·2024-05-21
CVE-2024-34071 [MEDIUM] CWE-601 Umbraco CMS Open Redirect Bypass Protection
### Impact
Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerability is exposed.
### Affected Version
>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0
### Patches
8.18.14, 10.8.6, 12.3.10, 13.3.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450
https://github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f
https://github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031
https://github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp
Published: 2024-05-21