QwikSec

Security Database

CVE

CWE

Training

CVE-2024-34071

Published: May 21, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.

Vendor	Product	Versions
umbraco	Umbraco-CMS	affected `>= 8.18.5, < 8.18.14` affected `>= 10.5.0, < 10.8.6` affected `>= 12.0.0, < 12.3.10` affected `>= 13.0.0, < 13.3.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp

x_refsource_CONFIRM

https://github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450

x_refsource_MISC

https://github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f

x_refsource_MISC

https://github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031

x_refsource_MISC

https://github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.