CVE-2020-29454

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-29454
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29454.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-29454
Aliases
Published
2020-12-02T02:15:11Z
Modified
2024-10-12T06:34:17.931955Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type
GIT
Repo
https://github.com/umbraco/umbraco-cms
Events

Affected versions

release-7.*

release-7.13.2
release-7.14.0
release-7.15.0
release-7.15.1
release-7.15.2
release-7.15.3
release-7.15.4

release-8.*

release-8.0.0
release-8.0.01
release-8.0.1
release-8.1.0
release-8.1.1
release-8.1.2
release-8.1.3
release-8.1.4
release-8.1.5
release-8.2.0
release-8.2.0-rc
release-8.2.1
release-8.2.2
release-8.3.0
release-8.4.0
release-8.4.0-rc
release-8.4.1
release-8.5.0
release-8.5.1
release-8.5.2
release-8.5.3
release-8.5.4
release-8.5.5
release-8.6.0
release-8.6.0-rc
release-8.6.1
release-8.6.2
release-8.6.3
release-8.6.4
release-8.6.5
release-8.6.6
release-8.7.0
release-8.7.0-rc
release-8.7.1
release-8.8
release-8.8.0
release-8.8.0-rc
release-8.8.1
release-8.8.2
release-8.9.0
release-8.9.0-rc
release-8.9.1

release/7.*

release/7.15.2

release/8.*

release/8.1.3