GHSA-j74q-mv2c-rxmp

Source

https://github.com/advisories/GHSA-j74q-mv2c-rxmp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-j74q-mv2c-rxmp/GHSA-j74q-mv2c-rxmp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j74q-mv2c-rxmp

Aliases

CVE-2024-34071

Published

2024-05-21T14:29:18Z

Modified

2024-05-21T15:47:48.489433Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Umbraco CMS Open Redirect Bypass Protection

Details

Impact

Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.

Affected Version

>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0

Patches

8.18.14, 10.8.6, 12.3.10, 13.3.1

Database specific

{
    "nvd_published_at": "2024-05-21T14:15:11Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-21T14:29:18Z"
}

References

Affected packages

NuGet / UmbracoCms.Core

Package

Name: UmbracoCms.Core; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.18.5

Fixed

8.18.14

Affected versions

8.*

8.18.5

8.18.6

8.18.7

8.18.8

8.18.9

8.18.10

8.18.11

8.18.12

8.18.13

NuGet / UmbracoCms.Core

Package

Name: UmbracoCms.Core; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.5.0

Fixed

10.8.6

NuGet / UmbracoCms.Core

Package

Name: UmbracoCms.Core; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.0.0

Fixed

12.3.10

NuGet / UmbracoCms.Core

Package

Name: UmbracoCms.Core; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13.0.0

Fixed

13.3.1

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name: Umbraco.Cms.Web.BackOffice; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.18.5

Fixed

8.18.14

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name: Umbraco.Cms.Web.BackOffice; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.5.0

Fixed

10.8.6

Affected versions

10.*

10.5.0

10.5.1

10.6.0-rc

10.6.0

10.6.1

10.7.0-rc

10.7.0

10.8.0-rc

10.8.0

10.8.1

10.8.2

10.8.3

10.8.4

10.8.5

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name: Umbraco.Cms.Web.BackOffice; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.0.0

Fixed

12.3.10

Affected versions

12.*

12.0.0

12.0.1

12.1.0-rc

12.1.0

12.1.1

12.1.2

12.2.0-rc

12.2.0

12.3.0-rc

12.3.0

12.3.1

12.3.2

12.3.3

12.3.4

12.3.5

12.3.6

12.3.7

12.3.8

12.3.9

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name: Umbraco.Cms.Web.BackOffice; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13.0.0

Fixed

13.3.1

Affected versions

13.*

13.0.0

13.0.1

13.0.2

13.0.3

13.1.0-rc

13.1.0

13.1.1

13.2.0-rc

13.2.0

13.2.1

13.2.2

13.3.0-rc

13.3.0