Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
References
Configurations
History
26 Aug 2024, 18:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 - Patch | |
References | () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx - Vendor Advisory | |
Summary |
|
|
CPE | cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Umbraco umbraco Cms
Umbraco |
20 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-20 15:15
Updated : 2024-08-26 18:24
NVD link : CVE-2024-43376
Mitre link : CVE-2024-43376
CVE.ORG link : CVE-2024-43376
JSON object : View
Products Affected
umbraco
- umbraco_cms
CWE
CWE-209
Generation of Error Message Containing Sensitive Information