Multiple vulnerabilities in Umbraco CMS



Risk: Low
Patch available: Yes
Number of vulnerabilities: 4
CVE-ID: CVE-2023-49278, CVE-2023-49089, CVE-2023-49274, CVE-2023-49273
CWE-ID: CWE-209, CWE-22, CWE-284
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Umbraco CMS (Web applications / CMS)
Vendor: Umbraco

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Information Exposure Through an Error Message

EUVDB-ID: #VU84404

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49278

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing brute-force protection. A remote attacker can enumerate usernames on the website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.0.0 - 12.3.3

External links

http://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU84403

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49089

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the backoffice component. A remote user with permissions to create packages can send a specially crafted HTTP request and write arbitrary files outside of the expected location.
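The defensive pattern behind the fix for this class of bug is to canonicalise every client-supplied file name against the intended base directory and refuse anything that resolves outside it. The following is an added, generic illustration written for this bulletin in Python; it is not Umbraco's code, and the package-manifest entries, `resolve_under`, `is_within` and `write_package_entries` names are all constructed for the example.

```python
"""Confining client-supplied file names to a base directory (CWE-22 mitigation)."""
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would resolve outside the allowed directory."""


def resolve_under(base_dir: str, client_path: str) -> Path:
    """Map an untrusted relative path onto an absolute path below base_dir.

    Rejects paths that are absolute on either POSIX or Windows, the empty path,
    and any path whose canonical form (after '..' and symlink resolution) is
    not inside base_dir.
    """
    base = Path(base_dir).resolve()
    # Treat backslashes as separators too, so "..\\..\\x" is not accepted as a
    # plain file name on POSIX and then interpreted as traversal on Windows.
    normalised = client_path.replace("\\", "/")
    if PurePosixPath(normalised).is_absolute() or PureWindowsPath(client_path).is_absolute():
        raise PathTraversalError(f"absolute path rejected: {client_path!r}")
    candidate = (base / normalised).resolve()
    if candidate == base:
        raise PathTraversalError("empty path rejected")
    try:
        candidate.relative_to(base)  # raises ValueError when candidate is outside base
    except ValueError:
        raise PathTraversalError(f"path escapes base directory: {client_path!r}") from None
    return candidate


def is_within(base_dir: str, client_path: str) -> bool:
    """Boolean form of resolve_under for callers that only need a yes/no."""
    try:
        resolve_under(base_dir, client_path)
        return True
    except PathTraversalError:
        return False


# Constructed sample package manifest: two legitimate entries and two that try to escape.
SAMPLE_ENTRIES = [
    ("views/home.cshtml", b"<h1>Home</h1>"),
    ("css/site.css", b"body { margin: 0 }"),
    ("../../web.config", b"<configuration/>"),
    ("/etc/passwd", b"root:x:0:0"),
]


def write_package_entries(base_dir: str, entries):
    """Write each entry below base_dir; return (written, rejected) relative names."""
    written, rejected = [], []
    for name, data in entries:
        try:
            dest = resolve_under(base_dir, name)
        except PathTraversalError:
            rejected.append(name)  # log and skip; never fall back to writing elsewhere
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        written.append(name)
    return written, rejected


def demo():
    """Run the constructed manifest through the check inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return write_package_entries(tmp, SAMPLE_ENTRIES)


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path rather than by searching the string for `..`, because encoded, mixed-separator or symlink-based variants all collapse to the same canonical location, and that is the only thing the file system actually cares about.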

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.0.0 - 12.3.3

External links

http://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information exposure through an error message

EUVDB-ID: #VU84400

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49274

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

Description

The vulnerability allows a remote attacker to enumerate registered users.

The vulnerability exists due to an incorrect implementation of the password reset feature when SMTP is not set up correctly. A remote attacker can enumerate registered users.
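Both this item and item 1 come down to the same defensive rule: a login or password-reset endpoint must answer identically whether or not the account exists, and a downstream failure such as an unconfigured mail transport must be logged rather than echoed back. The block below is an added illustration written for this bulletin, not Umbraco's code; the user store, the `SmtpDown` stub, the `leaky_password_reset` "before" form and the `request_password_reset` / `login` names are all constructed for the example.

```python
"""Login and password-reset handlers that answer the same way whether or not
the account exists (CWE-209 mitigation), with client-keyed attempt throttling."""
import hashlib
import hmac
import logging
import secrets
from collections import defaultdict

log = logging.getLogger("accounts")

# Constructed user store (not Umbraco's data model): username -> PBKDF2 hash.
_SALT = b"constructed-demo-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 20_000)


USERS = {"alice@example.com": _hash("correct horse battery staple")}
# Compared against when the username is unknown, so the work done (and hence
# the response time) is the same whether or not the account exists.
DUMMY_HASH = _hash(secrets.token_hex(16))

GENERIC_RESET_MSG = "If an account exists for that address, a reset link has been sent."
GENERIC_LOGIN_MSG = "Invalid username or password."
MAX_FAILURES = 5
_failures = defaultdict(int)  # client id (e.g. source address) -> consecutive failed logins


class SmtpDown(Exception):
    """Stands in for the transport error raised when SMTP is not set up."""


def send_reset_mail(address: str, token: str, smtp_ok: bool) -> None:
    """Stub mailer: only simulates success or a transport failure."""
    if not smtp_ok:
        raise SmtpDown("connection refused")


def leaky_password_reset(username: str, smtp_ok: bool = True) -> str:
    """Constructed 'before' form: the reply depends on account existence and on
    mail delivery, so every distinct message tells the caller something."""
    if username not in USERS:
        return "No account found for that address."
    try:
        send_reset_mail(username, secrets.token_urlsafe(32), smtp_ok)
    except SmtpDown as exc:
        return f"Could not send reset email: {exc}"
    return "Reset link sent."


def request_password_reset(username: str, smtp_ok: bool = True) -> str:
    """Hardened form: one message for every outcome; delivery failures are
    logged server-side instead of being returned to the client."""
    if username in USERS:
        try:
            send_reset_mail(username, secrets.token_urlsafe(32), smtp_ok)
        except SmtpDown:
            log.error("password reset mail could not be delivered; check SMTP configuration")
    return GENERIC_RESET_MSG


def login(username: str, password: str, client_id: str) -> tuple[bool, str]:
    """Verify credentials with a constant-time compare against a real or dummy
    hash, and throttle per client rather than per account so that lockout
    behaviour itself does not reveal which usernames exist."""
    if _failures[client_id] >= MAX_FAILURES:
        log.warning("client %s throttled after repeated failures", client_id)
        return False, GENERIC_LOGIN_MSG
    stored = USERS.get(username, DUMMY_HASH)
    if hmac.compare_digest(stored, _hash(password)) and username in USERS:
        _failures[client_id] = 0
        return True, "Login successful."
    _failures[client_id] += 1
    return False, GENERIC_LOGIN_MSG


if __name__ == "__main__":
    print(leaky_password_reset("nobody@example.com"))
    print(leaky_password_reset("alice@example.com", smtp_ok=False))
    print(request_password_reset("nobody@example.com"))
    print(request_password_reset("alice@example.com", smtp_ok=False))
```

The throttle is keyed by client rather than by account on purpose: an account-level lockout that only triggers for real usernames is itself an existence oracle. The dummy-hash comparison keeps the unknown-user path as expensive as the known-user path, which matters because response timing is the other channel such endpoints commonly leak through.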

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.0.0 - 12.3.3

External links

http://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU84399

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49273

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user with Editor privileges can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.0.0 - 12.3.3

External links

http://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
