MEDIUM 5.4 NuGet
Umbraco CMS Improper Access Control vulnerability
GHSA-hrww-x3fq-xcvh · CVE-2024-43377
Published · Modified
Description
Impact
An authenticated user can access a few unintended endpoints.
Explanation of the vulnerability
A few endpoints in the Umbraco Management API were not protected by a specific section. They only required the caller to be authenticated. Because a member is also just an authenticated user, it was possible to get information from these endpoints using a member token.
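The difference between an authentication-only check and a section-scoped check, as an added example built on the ASP.NET Core authorization API (not Umbraco's own code or the actual patch). The claim types, claim values and policy names are hypothetical, the principals are constructed, and the project is assumed to reference Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging();
services.AddAuthorizationCore(options =>
{
    // Weak: any validated token passes, so a member token is enough.
    options.AddPolicy("AuthenticatedOnly", p => p.RequireAuthenticatedUser());

    // Hardened: the caller must be a backoffice user AND hold the section.
    options.AddPolicy("ContentSection", p => p
        .RequireAuthenticatedUser()
        .RequireClaim("example/kind", "backoffice-user")   // hypothetical claim
        .RequireClaim("example/section", "content"));      // hypothetical claim
});

using var provider = services.BuildServiceProvider();
var authz = provider.GetRequiredService<IAuthorizationService>();

// Constructed principals standing in for already-validated tokens.
var callers = new (string Name, ClaimsPrincipal User)[]
{
    ("member token", Principal(("example/kind", "member"))),
    ("backoffice user without the section",
        Principal(("example/kind", "backoffice-user"), ("example/section", "media"))),
    ("backoffice user with the section",
        Principal(("example/kind", "backoffice-user"), ("example/section", "content"))),
};

foreach (var policy in new[] { "AuthenticatedOnly", "ContentSection" })
{
    foreach (var (name, user) in callers)
    {
        var result = await authz.AuthorizeAsync(user, null, policy);
        Console.WriteLine($"{policy,-18} {name,-38} {(result.Succeeded ? "ALLOW" : "DENY")}");
    }
}

// A non-null authenticationType makes the identity count as authenticated,
// which is all that RequireAuthenticatedUser() checks.
static ClaimsPrincipal Principal(params (string Type, string Value)[] claims) =>
    new(new ClaimsIdentity(
        claims.Select(c => new Claim(c.Type, c.Value)),
        authenticationType: "Bearer"));
```

Under `AuthenticatedOnly` all three callers are allowed, including the member token; under `ContentSection` only the backoffice user holding the section is allowed.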