CVE-2024-43376

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43376

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43376.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43376

Aliases

GHSA-77gj-crhp-3gvx

Published

2024-08-20T14:40:20.338Z

Modified

2025-12-05T05:59:41.768820Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Details

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Database specific

{
    "cwe_ids": [
        "CWE-209"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43376.json"
}

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type: GIT
Repo: https://github.com/umbraco/umbraco-cms
Events: Introduced

8685c7d64a1c597983cfb82e1bd1d269d22e4508

Fixed

b76070c794925932cb159ef50b851db6e966a004

Affected versions

release-10.*

release-10.8.6

release-12.*

release-12.3.10

release-13.*

release-13.3.0

release-13.3.1

release-13.3.2

release-13.4.0

release-13.4.0-rc

release-13.4.0-rc2

release-14.*

release-14.0.0

release-14.1.0

release-14.1.0-rc

release-14.1.0-rc2

release-14.1.1