PT-2024-33276 · Umbraco · Umbraco
Bergmania · Published 2024-10-22 · Updated 2024-10-25 · CVE-2024-48929
CVSS v3.1: 4.2 Medium
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Umbraco versions 13.x prior to 13.5.2
Umbraco versions 10.x prior to 10.8.7
Description
Umbraco is a free and open source .NET content management system. During an explicit sign-out, the server session is not fully terminated.
Recommendations
For Umbraco versions 13.x prior to 13.5.2, update to version 13.5.2 to resolve the issue.
For Umbraco versions 10.x prior to 10.8.7, update to version 10.8.7 to resolve the issue.
Exploit
Fix
Session Fixation
Affected Products
Umbraco