CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Published: Aug 20, 2024
Updated: May 4, 2025
CVE: CVE-2024-43376
GHSA: GHSA-77gj-crhp-3gvx
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
Umbraco.Cms.Api.Management	14.0.0	14.1.2
umbraco / umbraco_cms	14.0.0	14.1.2

https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

Vulnerability Database

289,697

CVE-2024-43376