GHSA-552f-97wf-pmpq

Source

https://github.com/advisories/GHSA-552f-97wf-pmpq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-552f-97wf-pmpq/GHSA-552f-97wf-pmpq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-552f-97wf-pmpq

Aliases

CVE-2024-28868

Published

2024-03-20T17:54:35Z

Modified

2025-02-12T18:19:44Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Umbraco possible user enumeration

Details

Impact

A user enumeration attack is possible.

Affected versions

Umbraco 10 with access to the native login screen

Patches

This is fixed in 10.8.5

Workarounds

Disabling the native login screen, by exclusively use external logins.

Database specific

{
    "cwe_ids": [
        "CWE-203",
        "CWE-204"
    ],
    "nvd_published_at": "2024-03-20T20:15:09Z",
    "github_reviewed_at": "2024-03-20T17:54:35Z",
    "github_reviewed": true,
    "severity": "LOW"
}

References

Affected packages

NuGet / UmbracoCMS

Package

Name: UmbracoCMS; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCMS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.8.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-552f-97wf-pmpq/GHSA-552f-97wf-pmpq.json"