PT-2024-30539 · Umbraco · Umbraco Cms

Bergmania · Published: 2024-08-20 · Updated: 2024-08-26 · CVE-2024-43377

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 14.1.2

Description: The issue allows an authenticated user to access a few unintended endpoints. Several endpoints in the Umbraco Management API were not properly protected and required only authentication, not authorization. As a result, it was possible to retrieve information from these endpoints using a member token.

Recommendations: For versions prior to 14.1.2, update to version 14.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the unintended endpoints in the Umbraco Management API until the update is applied.


Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-43377
GHSA-HRWW-X3FQ-XCVH

Affected Products

Umbraco Cms