GHSA-74p6-39f2-23v3

Suggest an improvement
Source
https://github.com/advisories/GHSA-74p6-39f2-23v3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-74p6-39f2-23v3/GHSA-74p6-39f2-23v3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-74p6-39f2-23v3
Aliases
Published
2024-04-17T18:20:28Z
Modified
2024-04-17T18:41:53.440069Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
Summary
Blind SSRF Leads to Port Scan by using Webhooks
Details

Impact

Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.

Affected Versions

Umbraco versions 13.0.0 - 13.1.1

Patches

13.1.1

Workarounds

Disabling webhooks functionality.

Database specific 
{
    "nvd_published_at": "2024-04-17T15:15:07Z",
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-17T18:20:28Z"
}
References

Affected packages

NuGet / Umbraco.Cms.Core

Package

Name
Umbraco.Cms.Core
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.1.1

Affected versions

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.1.0-rc
13.1.0

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name
Umbraco.Cms.Web.BackOffice
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.1.1

Affected versions

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.1.0-rc
13.1.0