GHSA-6324-52pr-h4p5

Source
https://github.com/advisories/GHSA-6324-52pr-h4p5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-6324-52pr-h4p5/GHSA-6324-52pr-h4p5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6324-52pr-h4p5
Published
2023-12-13T13:24:53Z
Modified
2024-02-16T08:17:27.590275Z
Severity
  • 0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N
Summary
Using a directory traversal payload ("/../") in a package name allows the package to be written into folders other than the package directory.
Details

Impact

Backoffice users with permission to create packages can use path traversal in the package name and thereby write outside the expected package location.

Explanation of the vulnerability

The “Package” section of the Umbraco Backoffice allows a logged-in user to create folders outside the default package directory, because the user-supplied package name is used to build the target path without being checked for ".." components.
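As an added illustration of the CWE-22 pattern described above (this is not Umbraco's code and is not taken from the advisory), the Python below contrasts a naive join of a user-supplied package name under a root directory with a hardened version that allowlists the name and then verifies that the resolved path still lies inside the root. The package root path, the sample names and all function names are assumptions made for the example.

```python
import os
import re

# Assumed package root for the example; Umbraco's actual directory layout
# is not reproduced here.
PACKAGE_ROOT = "/srv/umbraco/App_Data/packages"

# Conservative allowlist for a package name: letters, digits, dot,
# underscore and hyphen only. With no separators permitted, every
# "../" or "..\" variant is rejected before any path is built.
_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,128}")


def vulnerable_package_dir(root: str, name: str) -> str:
    """The pattern behind CWE-22: trust the caller's name and join it.

    normpath resolves '..' components faithfully, so a name such as
    '../../wwwroot/evil' yields a directory outside root.
    """
    return os.path.normpath(os.path.join(root, name))


def escapes_root(root: str, candidate: str) -> bool:
    """Return True when candidate does not resolve to a path inside root.

    commonpath is used instead of a plain startswith() check so that a
    sibling such as '<root>_evil' is not mistaken for a child of root.
    """
    root_abs = os.path.abspath(root)
    cand_abs = os.path.abspath(candidate)
    try:
        return os.path.commonpath([root_abs, cand_abs]) != root_abs
    except ValueError:
        # Raised on Windows when the two paths are on different drives;
        # that is certainly outside root.
        return True


def safe_package_dir(root: str, name: str) -> str:
    """Hardened version: allowlist the name, then verify containment."""
    if name in (".", "..") or not _NAME_RE.fullmatch(name):
        raise ValueError(f"invalid package name: {name!r}")
    target = os.path.normpath(os.path.join(root, name))
    # Second, independent layer: even if the allowlist is loosened later,
    # the resolved directory must still sit under root.
    if escapes_root(root, target):
        raise ValueError(f"package name escapes package root: {name!r}")
    return target


def classify(root: str, names: list) -> dict:
    """For each name, report where the naive join would write and whether
    the hardened version accepts it."""
    report = {}
    for name in names:
        naive = vulnerable_package_dir(root, name)
        verdict = "escapes root" if escapes_root(root, naive) else "inside root"
        try:
            safe_package_dir(root, name)
            hardened = "accepted"
        except ValueError:
            hardened = "rejected"
        report[name] = f"naive join {verdict}; hardened check {hardened}"
    return report


# Constructed sample names, including the traversal payload from the advisory.
SAMPLE_NAMES = [
    "MyPackage",
    "../../wwwroot/evil",
    "..\\..\\wwwroot\\evil",
    "sub/../MyPackage",
    "/etc/umbraco-evil",
    "..",
]

if __name__ == "__main__":
    for name, outcome in classify(PACKAGE_ROOT, SAMPLE_NAMES).items():
        print(f"{name!r}: {outcome}")
```

Two points worth noting when porting this check to .NET: `Path.Combine` discards the first argument when the second is rooted, so an absolute name silently replaces the package root, and a `StartsWith` comparison on the combined string is not enough by itself because it accepts a sibling directory whose name merely begins with the root. Normalising with `Path.GetFullPath` and comparing the result against the root as a path, not as a string prefix, is the equivalent of the `commonpath` check above.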

Database specific
{
    "nvd_published_at": "2023-12-12T19:15:07Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-13T13:24:53Z"
}

Affected packages

NuGet / Umbraco.CMS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.18.10

NuGet / Umbraco.CMS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
10.8.1

Affected versions

9.*

9.0.0
9.0.1
9.1.0-rc
9.1.0
9.1.1
9.1.2
9.2.0-rc
9.2.0
9.3.0-rc
9.3.0
9.3.1
9.4.0-rc
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0-rc
9.5.0-rc2
9.5.0-rc3
9.5.0
9.5.1
9.5.2
9.5.3
9.5.4

10.*

10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.0-rc5
10.0.0
10.0.1
10.1.0-rc
10.1.0-rc2
10.1.0
10.1.1
10.2.0-rc
10.2.0
10.2.1
10.3.0-rc
10.3.0
10.3.1
10.3.2
10.4.0-rc
10.4.0
10.4.1
10.4.2
10.5.0-rc
10.5.0
10.5.1
10.6.0-rc
10.6.0
10.6.1
10.7.0-rc
10.7.0
10.8.0-rc
10.8.0

NuGet / Umbraco.CMS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
12.3.4

Affected versions

11.*

11.0.0
11.1.0-rc
11.1.0
11.2.0-rc
11.2.0
11.2.1
11.2.2
11.3.0-rc
11.3.0
11.3.1
11.4.0-rc
11.4.0
11.4.1
11.4.2
11.5.0-rc
11.5.0

12.*

12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3