Launch Week Day 1: Announcing Security Design Review

Blind SSRF Leads to Port Scan by using Webhooks

GHSA-74p6-39f2-23v3 · CVE-2024-29035

Published Apr 17, 2024 · Modified Feb 12, 2025

Description

Impact

Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.

Affected Versions

Umbraco versions 13.0.0 - 13.1.1

Patches

13.1.1

Workarounds

Disabling webhooks functionality.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes