SB2023121358 - Multiple vulnerabilities in Umbraco CMS
Published: December 13, 2023
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Information exposure through an error message (CVE-ID: CVE-2023-49278)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing brute-force protection. A remote attacker can enumerate usernames on the website.
2) Path traversal (CVE-ID: CVE-2023-49089)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in the backoffice component. A remote user with permissions to create packages can send a specially crafted HTTP request and write arbitrary files outside of the expected location.
3) Information exposure through an error message (CVE-ID: CVE-2023-49274)
The vulnerability allows a remote attacker to enumerate registered users.
The vulnerability exists due to an incorrect implementation of the password reset feature when SMTP is not set up correctly. A remote attacker can enumerate registered users.
4) Improper access control (CVE-ID: CVE-2023-49273)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user with Editor privileges can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install the update from the vendor's website.
References
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8