Vulnerabilities > CVE-2024-29035 - Unspecified vulnerability in Umbraco CMS

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

umbraco

NVD

Published: 2024-04-17

Updated: 2025-02-12

Summary

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

Vulnerable Configurations

Part	Description	Count
Application	Umbraco Umbraco Umbraco CMS 13.0.0 Umbraco Umbraco CMS 13.0.1 Umbraco Umbraco CMS 13.0.2 Umbraco Umbraco CMS 13.0.3 Umbraco Umbraco CMS 13.1.0	11

References

https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3