PT-2023-25870 · Umbraco · Umbraco

1K-Off

Publicado

2023-07-13

Atualizado

2023-07-25

CVE-2023-37267

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Umbraco versions prior to 10.6.1 Umbraco versions prior to 11.4.2 Umbraco versions prior to 12.0.1

Description Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions, potentially leading to unauthorized access to the backoffice.

Recommendations For versions prior to 10.6.1, update to version 10.6.1 or later. For versions prior to 11.4.2, update to version 11.4.2 or later. For versions prior to 12.0.1, update to version 12.0.1 or later. As a temporary workaround, consider enabling the Unattended Install feature to prevent exploitation. Additionally, enabling IP restrictions to /install/* and /umbraco/* can limit exposure to allowed IP addresses.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2023-37267

GHSA-H8WC-R4JH-MG7M

Produtos afetados

Umbraco

PT-2023-25870 · Umbraco · Umbraco

CVE-2023-37267

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11