CVE-2024-43377
Published 2024-08-20
CVE-2024-43377: Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
Priority: P4 · 20 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.24% (15.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 14.0.0 < 14.1.2 | 14.1.2 |
OSV
Umbraco CMS Improper Access Control vulnerability
osv·2024-08-20
CVE-2024-43377 [MEDIUM] Umbraco CMS Improper Access Control vulnerability
### Impact
As an authenticated user, one can access a few unintended endpoints.
### Explanation of the vulnerability
A few endpoints in the Umbraco Management API were not protected by a specific section. These just required you to be authenticated. Because a member is also just authenticated, it was possible to get info from these endpoints using a member token.
GHSA
Umbraco CMS Improper Access Control vulnerability
ghsa·2024-08-20
CVE-2024-43377 [MEDIUM] CWE-284 Umbraco CMS Improper Access Control vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-20