PT-2024-33273 · Umbraco · Umbraco
Thanhlam-Attt · Published 2024-10-22 · Updated 2024-10-25 · CVE-2024-48925
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Umbraco versions 14.0.0 through 14.2.x
Description
The issue is related to improper access control, allowing low-privilege users to access the webhook API and retrieve restricted information. This affects the settings section, where access should be limited to users with appropriate permissions.
Recommendations
For Umbraco versions 14.0.0 through 14.2.x, update to version 14.3.0 to resolve the issue.
As a temporary workaround, consider restricting access to the webhook API until the patch is applied.
Improper Access Control
Incorrect Authorization
Affected Products
Umbraco