CVE-2024-29035

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

History

12 Feb 2025, 15:26

Type Values Removed Values Added
CPE cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
First Time Umbraco
Umbraco umbraco Cms
CWE NVD-CWE-noinfo
References () https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0 - () https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0 - Patch
References () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3 - () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3 - Vendor Advisory

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0 - () https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0 -
References () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3 - () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3 -
Summary
  • (es) Umbraco es un CMS ASP.NET. Los registros de webhooks fallidos están disponibles cuando la solución no está en modo de depuración. Esos registros pueden contener información crítica. Esta vulnerabilidad se soluciona en 13.1.1.

17 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-17 15:15

Updated : 2025-02-12 15:26


NVD link : CVE-2024-29035

Mitre link : CVE-2024-29035

CVE.ORG link : CVE-2024-29035


JSON object : View

Products Affected

umbraco

  • umbraco_cms
CWE
CWE-918

Server-Side Request Forgery (SSRF)

NVD-CWE-noinfo