GHSA-4gp9-ff99-j6vj

Source

https://github.com/advisories/GHSA-4gp9-ff99-j6vj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-4gp9-ff99-j6vj/GHSA-4gp9-ff99-j6vj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4gp9-ff99-j6vj

Aliases

CVE-2024-48925

Published

2024-10-22T17:51:26Z

Modified

2024-10-22T19:33:59.257156Z

Severity

0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVSS Calculator

Summary

Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

Details

Impact

An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section

References

Affected packages

NuGet / Umbraco.CMS

Package

Name: Umbraco.CMS; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.CMS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14.0.0

Fixed

14.3.0

Affected versions

14.*

14.0.0

14.1.0-rc

14.1.0-rc2

14.1.0

14.1.1

14.1.2

14.2.0-rc

14.2.0-rc2

14.2.0-rc3

14.2.0

14.3.0-rc