PT-2023-31141 · Umbraco · Umbraco

Jerpenol · Published 2023-12-12 · Updated 2023-12-15

CVE-2023-49273

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Umbraco versions 8.0.0 through 8.18.9
Umbraco versions 10.0.0 through 10.8.0
Umbraco versions 12.0.0 through 12.3.3

Description
Umbraco is an ASP.NET content management system (CMS). In the affected versions, users with low privileges, such as Editors, can reach backoffice endpoints that are not intended for their role. This lets such users perform actions they should not be able to, including viewing certain dashboards and modifying settings. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents in which this issue was exploited.

Recommendations
For Umbraco versions 8.0.0 through 8.18.9, update to version 8.18.10.
For Umbraco versions 10.0.0 through 10.8.0, update to version 10.8.1.
For Umbraco versions 12.0.0 through 12.3.3, update to version 12.3.4.
As a temporary workaround until the patch is applied, restrict access to the affected endpoints so that only the intended user groups can reach them.

Exploit

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2023-49273
GHSA-CFR5-7P54-4QG8

Affected Products

Umbraco