CVE-2022-29287

Name of the Vulnerable Software and Affected Versions Kentico CMS versions prior to 13.0.66

Description The issue allows an attacker with user management rights, such as an Administrator, to export the user options of any user, including those with higher privileges like Global Administrators. The exported XML contains every option of the exported user, including the hashed password.

Recommendations For versions prior to 13.0.66, update to version 13.0.66 or later to resolve the issue. As a temporary workaround, consider restricting user management rights to prevent unauthorized access to user options.