GHSA-552f-97wf-pmpq

Source

https://github.com/advisories/GHSA-552f-97wf-pmpq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-552f-97wf-pmpq/GHSA-552f-97wf-pmpq.json

Aliases

• CVE-2024-28868

Published

2024-03-20T17:54:35Z

Modified

2024-03-20T21:37:59Z

Details

Impact

A user enumeration attack is possible.

Affected versions

Umbraco 10 with access to the native login screen

Patches

This is fixed in 10.8.5

Workarounds

Disabling the native login screen, by exclusively use external logins.

References

• https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq
• https://nvd.nist.gov/vuln/detail/CVE-2024-28868
• https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d
• https://github.com/umbraco/Umbraco-CMS