GHSA-q62r-8ppj-xvf4

Source
https://github.com/advisories/GHSA-q62r-8ppj-xvf4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-q62r-8ppj-xvf4/GHSA-q62r-8ppj-xvf4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q62r-8ppj-xvf4
Aliases
Published
2025-04-09T12:49:38Z
Modified
2025-04-09T17:32:13.162092Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
Details

Impact

Authenticated users of the Umbraco backoffice are able to craft Management API requests that exploit a path traversal vulnerability to upload files into an incorrect location.

Patches

The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.

Workarounds

Umbraco supports the configuration of allowed and disallowed file extensions. Using these options to allow only necessary file extensions significantly reduces the scope of the vulnerability.
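The two controls this advisory points at, a destination-containment check for the path traversal in the Impact section and an extension allow/deny list as in the Workarounds section, are shown below as an added Python example. It is not Umbraco's code and not taken from this advisory; the media root and both extension lists are constructed values, and POSIX paths are assumed.

```python
"""Defensive upload-path checks (added example; not Umbraco code)."""
import os
from pathlib import PurePosixPath

# Constructed lists standing in for a site's allowed/disallowed upload extensions.
# Hypothetical values: a real site sets these to what it actually needs.
ALLOWED_UPLOAD_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
DISALLOWED_UPLOAD_EXTENSIONS = {"ashx", "aspx", "ascx", "asmx", "config", "cshtml", "vbhtml"}


def extension_allowed(filename: str,
                      allowed=ALLOWED_UPLOAD_EXTENSIONS,
                      disallowed=DISALLOWED_UPLOAD_EXTENSIONS) -> bool:
    """Return True only if the final extension passes both lists.

    Only the last suffix counts ("shell.jpg.aspx" -> "aspx"), the comparison is
    case-insensitive so "X.ASPX" is not a bypass, and a name with no extension
    (or only a trailing dot) is refused.
    """
    ext = PurePosixPath(filename.replace("\\", "/")).suffix.lstrip(".").lower()
    if not ext or ext in disallowed:
        return False
    # An empty allow-list means "only the deny-list applies".
    return not allowed or ext in allowed


def resolve_within(media_root: str, requested_path: str) -> str:
    """Resolve requested_path under media_root and refuse anything that escapes it.

    realpath() collapses ".." segments and follows symlinks, so the comparison is
    made on the directory that would actually be written to, not on the string
    the client sent. os.path.join discards media_root when requested_path is
    absolute; the containment check catches that case too.
    """
    if "\x00" in requested_path:
        raise ValueError("NUL byte in path")
    root = os.path.realpath(media_root)
    candidate = os.path.realpath(os.path.join(root, requested_path.replace("\\", "/")))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise ValueError(f"path escapes media root: {requested_path!r}")
    return candidate


def validate_upload(media_root: str, requested_path: str):
    """Apply both checks. Returns (accepted, detail): detail is the resolved
    target on success and the rejection reason otherwise."""
    try:
        target = resolve_within(media_root, requested_path)
    except ValueError as exc:
        return False, str(exc)
    if not extension_allowed(os.path.basename(target)):
        return False, "extension not permitted"
    return True, target


if __name__ == "__main__":
    # Constructed inputs: a benign upload, a traversal attempt and a deny-listed extension.
    root = "/srv/umbraco-media"  # constructed media root
    for name in ("docs/report.pdf", "../../etc/cron.d/job.png", "img/shell.jpg.aspx"):
        print(name, "->", validate_upload(root, name))
```

Both checks are needed: the extension lists only shrink what a misplaced file can do, which is the advisory's point about the workaround reducing the scope rather than closing the issue, while the containment check is what actually stops the write from landing outside the media root.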

Database specific
{
    "nvd_published_at": "2025-04-08T16:15:27Z",
    "cwe_ids": [
        "CWE-22",
        "CWE-23"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-09T12:49:38Z"
}
References

Affected packages

NuGet / Umbraco.Cms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14.0.0--preview004
Fixed
14.3.4

Affected versions

14.*

14.0.0-rc1
14.0.0-rc2
14.0.0-rc3
14.0.0-rc4
14.0.0-rc5
14.0.0
14.1.0-rc
14.1.0-rc2
14.1.0
14.1.1
14.1.2
14.2.0-rc
14.2.0-rc2
14.2.0-rc3
14.2.0
14.3.0-rc
14.3.0
14.3.1
14.3.2
14.3.3

NuGet / Umbraco.Cms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0-rc1
Fixed
15.3.1

Affected versions

15.*

15.0.0-rc1
15.0.0-rc2
15.0.0-rc3
15.0.0-rc4
15.0.0
15.1.0-rc
15.1.0-rc2
15.1.0
15.1.1
15.1.2
15.2.0-rc
15.2.0
15.2.1
15.2.2
15.2.3
15.3.0-rc
15.3.0-rc2
15.3.0