VYPR
High severity · NVD Advisory · Published Jul 13, 2023 · Updated Oct 31, 2024

Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions

CVE-2023-37267

Description

Umbraco is an ASP.NET CMS. Under rare conditions, a restart of Umbraco can allow unauthorized users to gain access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| Umbraco.Cms.Infrastructure | NuGet | >= 9.0.0, < 10.6.1 | 10.6.1 |
| Umbraco.Cms.Infrastructure | NuGet | >= 11.0.0, < 11.4.2 | 11.4.2 |
| Umbraco.Cms.Infrastructure | NuGet | >= 12.0.0, < 12.0.1 | 12.0.1 |
| Umbraco.Cms.Web.BackOffice | NuGet | >= 9.0.0, < 10.6.1 | 10.6.1 |
| Umbraco.Cms.Web.BackOffice | NuGet | >= 11.0.0, < 11.4.2 | 11.4.2 |
| Umbraco.Cms.Web.BackOffice | NuGet | >= 12.0.0, < 12.0.1 | 12.0.1 |

Affected products

3

References

6
