CVE-2024-48926

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48926

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48926.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48926

Aliases

GHSA-fp6q-gccw-7qqm

Published

2024-10-22T15:47:32.950Z

Modified

2025-12-05T06:44:00.652894Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Umbraco CMS logout page displayed before session expiration

Details

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/48xxx/CVE-2024-48926.json",
    "cwe_ids": [
        "CWE-613"
    ]
}

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

9dfb3005bcd68f5399ee13263bfc462c69b39a66

Fixed

3431f763201b0befcd74e26686e9c41ef766e1de

Database specific

{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.5.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

e3f4b86f1c28e0ec30a1ad2a079e308af4cbfbf7

Fixed

35c51a029a16435109b3462f5db4cbdeb9189408

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.8.7"
        }
    ]
}

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

b8db430615d76521a4394a23f9928dc7c12f87bd

Fixed

4fbf8020bf08dc26bf93f01b02bc39852ee36553

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.18.15"
        }
    ]
}

Affected versions

13.*

13.5.0-rc

release-10.*

release-10.0.0

release-10.0.1

release-10.1.0

release-10.1.0-rc

release-10.1.0-rc2

release-10.2.0

release-10.2.0-rc

release-10.2.1

release-10.3.0

release-10.3.0-rc

release-10.3.1

release-10.3.2

release-10.4.0-rc1

release-10.4.1

release-10.5.0

release-10.5.0-rc

release-10.6.0

release-10.6.0-rc

release-10.6.1

release-10.7.0

release-10.7.0-rc

release-10.8.0

release-10.8.0-rc

release-10.8.1

release-10.8.2

release-10.8.3

release-10.8.4

release-10.8.5

release-10.8.6

release-12.*

release-12.3.10

release-12.3.4

release-12.3.5

release-12.3.6

release-12.3.7

release-12.3.8

release-12.3.9

release-13.*

release-13.0.0

release-13.0.1

release-13.0.2

release-13.0.3

release-13.1.0

release-13.1.0-rc

release-13.1.1

release-13.2.0

release-13.2.0-rc

release-13.2.1

release-13.2.2

release-13.3.0

release-13.3.0-rc

release-13.3.1

release-13.3.2

release-13.4.0

release-13.4.0-rc

release-13.4.0-rc2

release-13.4.1

release-13.5.0

release-13.5.1

release/13.*

release/13.1.1