CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

History

26 Aug 2024, 18:24

Type Values Removed Values Added
References () https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 - () https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 - Patch
References () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx - () https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx - Vendor Advisory
Summary
  • (es) Umbraco es un CMS ASP.NET. Algunos endpoints de la API de administración pueden devolver información de seguimiento de la pila, incluso cuando Umbraco no está en modo de depuración. Esta vulnerabilidad se soluciona en 14.1.2.
CPE cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.3
First Time Umbraco umbraco Cms
Umbraco

20 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-20 15:15

Updated : 2024-08-26 18:24


NVD link : CVE-2024-43376

Mitre link : CVE-2024-43376

CVE.ORG link : CVE-2024-43376


JSON object : View

Products Affected

umbraco

  • umbraco_cms
CWE
CWE-209

Generation of Error Message Containing Sensitive Information