GHSA-4gp9-ff99-j6vj

Suggest an improvement
Source
https://github.com/advisories/GHSA-4gp9-ff99-j6vj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-4gp9-ff99-j6vj/GHSA-4gp9-ff99-j6vj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4gp9-ff99-j6vj
Aliases
Published
2024-10-22T17:51:26Z
Modified
2024-10-22T19:33:59.257156Z
Severity
  • 0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVSS Calculator
Summary
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Details

Impact

An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section

Database specific 
{
    "github_reviewed_at": "2024-10-22T17:51:26Z",
    "cwe_ids": [
        "CWE-284",
        "CWE-863"
    ],
    "nvd_published_at": "2024-10-22T16:15:07Z",
    "severity": "LOW",
    "github_reviewed": true
}
References

Affected packages

NuGet / Umbraco.CMS

Package

Name
Umbraco.CMS
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.CMS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14.0.0
Fixed
14.3.0

Affected versions

14.*

14.0.0
14.1.0-rc
14.1.0-rc2
14.1.0
14.1.1
14.1.2
14.2.0-rc
14.2.0-rc2
14.2.0-rc3
14.2.0
14.3.0-rc