CVE-2024-34071
MEDIUM 6.1, EPSS 0.52%
Umbraco CMS Open Redirect Bypass Protection
Published: 5/21/2024, Modified: 2/12/2025
Description
### Impact
Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected, so the user must be signed in to the backoffice before the vulnerability is exposed.

### Affected Version
>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0

### Patches
8.18.14, 10.8.6, 12.3.10, 13.3.1
Affected packages (2)
- NuGet/UmbracoCms.Core: >= 8.18.5, < 8.18.14
- NuGet/Umbraco.Cms.Web.BackOffice: >= 8.18.5, < 8.18.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-34071
- PATCH: https://github.com/umbraco/Umbraco-CMS
- WEB: https://github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450
- WEB: https://github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f
- WEB: https://github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031
- WEB: https://github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024
- WEB: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp