CVE-2023-37267
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
| Software | From | Fixed in |
|---|---|---|
Umbraco.Cms.Infrastructure
|
9.0.0 | 10.6.1 |
|
Umbraco.Cms.Infrastructure
|
11.0.0 | 11.4.2 |
|
Umbraco.Cms.Infrastructure
|
12.0.0 | 12.0.0.x |
|
Umbraco.Cms.Infrastructure
|
12.0.0 | 12.0.1 |
|
Umbraco.Cms.Web.BackOffice
|
9.0.0 | 10.6.1 |
|
Umbraco.Cms.Web.BackOffice
|
11.0.0 | 11.4.2 |
|
Umbraco.Cms.Web.BackOffice
|
12.0.0 | 12.0.0.x |
|
Umbraco.Cms.Web.BackOffice
|
12.0.0 | 12.0.1 |
| umbraco / umbraco_cms | 12.0.0 | 12.0.1 |
| umbraco / umbraco_cms | 10.0.0 | 10.6.1 |
| umbraco / umbraco_cms | 11.0.0 | 11.4.2 |
- https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e
- https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569
- https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime