Moderate severityNVD Advisory· Published Aug 20, 2024· Updated Sep 3, 2024
Umbraco CMS Improper Access Control vulnerability
CVE-2024-43377
Description
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Umbraco.CmsNuGet | >= 14.0.0, < 14.1.2 | 14.1.2 |
Affected products
2- Range: >= 14.0.0, < 14.1.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-hrww-x3fq-xcvhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-43377ghsaADVISORY
- github.com/umbraco/Umbraco-CMS/commit/72bef8861d94a39d5cc9530a04c4797b91fcbecfghsax_refsource_MISCWEB
- github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hrww-x3fq-xcvhghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.