PT-2024-25682 · Umbraco · Umbraco
0Xryuzak1
·
Published
2024-05-21
·
Updated
2025-02-12
·
CVE-2024-34071
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Umbraco versions 8.18.5 through 8.18.13
Umbraco versions 10.5.0 through 10.8.5
Umbraco versions 12.0.0 through 12.3.9
Umbraco versions 13.0.0 through 13.3.0
Description
Umbraco is an ASP.NET CMS used by more than 730,000 websites. It has an endpoint that is vulnerable to open redirects. The endpoint is protected, requiring the user to be signed into the backoffice before the vulnerability is exposed.
Recommendations
For Umbraco versions 8.18.5 through 8.18.13, update to version 8.18.14 to resolve the issue.
For Umbraco versions 10.5.0 through 10.8.5, update to version 10.8.6 to resolve the issue.
For Umbraco versions 12.0.0 through 12.3.9, update to version 12.3.10 to resolve the issue.
For Umbraco versions 13.0.0 through 13.3.0, update to version 13.3.1 to resolve the issue.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Umbraco