CVE-2023-49273

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

Published: Dec 12, 2023
Updated: May 9, 2024
CVE: CVE-2023-49273
GHSA: GHSA-cfr5-7p54-4qg8
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
Umbraco.CMS	8.0.0	8.18.10
Umbraco.CMS	9.0.0	10.8.1
Umbraco.CMS	11.0.0	12.3.4
umbraco / umbraco_cms	12.0.0	12.3.4
umbraco / umbraco_cms	10.0.0	10.8.1
umbraco / umbraco_cms	8.0.0	8.18.10

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8

Vulnerability Database

289,697

CVE-2023-49273