Umbraco CMS Open Redirect Bypass Protection

GHSA-j74q-mv2c-rxmp · CVE-2024-34071

Published May 21, 2024 · Modified Feb 12, 2025

Description

Impact

Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.

Affected Version

>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0

Patches

8.18.14, 10.8.6, 12.3.10, 13.3.1

References

WEB https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-34071
WEB https://github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450
WEB https://github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f
WEB https://github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031
WEB https://github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024
PACKAGE https://github.com/umbraco/Umbraco-CMS

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes