5.3
CVE-2024-43376
- EPSS 0.36%
- Veröffentlicht 20.08.2024 15:15:23
- Zuletzt bearbeitet 26.08.2024 18:24:06
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginUmbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Umbraco ≫ Umbraco Cms Version >= 14.0.0 < 14.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.28 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx