GHSA-j74q-mv2c-rxmp

Suggest an improvement
Source
https://github.com/advisories/GHSA-j74q-mv2c-rxmp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-j74q-mv2c-rxmp/GHSA-j74q-mv2c-rxmp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j74q-mv2c-rxmp
Aliases
Published
2024-05-21T14:29:18Z
Modified
2024-05-21T15:47:48.489433Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Umbraco CMS Open Redirect Bypass Protection
Details

Impact

Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.

Affected Version

>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0

Patches

8.18.14, 10.8.6, 12.3.10, 13.3.1

References

Affected packages

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.18.5
Fixed
8.18.14

Affected versions

8.*

8.18.5
8.18.6
8.18.7
8.18.8
8.18.9
8.18.10
8.18.11
8.18.12
8.18.13

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.5.0
Fixed
10.8.6

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.0.0
Fixed
12.3.10

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.3.1

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name
Umbraco.Cms.Web.BackOffice
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.18.5
Fixed
8.18.14

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name
Umbraco.Cms.Web.BackOffice
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.5.0
Fixed
10.8.6

Affected versions

10.*

10.5.0
10.5.1
10.6.0-rc
10.6.0
10.6.1
10.7.0-rc
10.7.0
10.8.0-rc
10.8.0
10.8.1
10.8.2
10.8.3
10.8.4
10.8.5

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name
Umbraco.Cms.Web.BackOffice
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.0.0
Fixed
12.3.10

Affected versions

12.*

12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6
12.3.7
12.3.8
12.3.9

NuGet / Umbraco.Cms.Web.BackOffice

Package

Name
Umbraco.Cms.Web.BackOffice
View open source insights on deps.dev
Purl
pkg:nuget/Umbraco.Cms.Web.BackOffice

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.3.1

Affected versions

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.1.0-rc
13.1.0
13.1.1
13.2.0-rc
13.2.0
13.2.1
13.2.2
13.3.0-rc
13.3.0