Vulnerability Details CVE-2023-37267
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e
- https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569
- https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m
- https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e
- https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569
- https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m
Products affected by CVE-2023-37267
-
cpe:2.3:a:umbraco:umbraco_cms:10.0.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.0.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.1.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.1.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.2.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.2.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.3.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.3.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.3.2
-
cpe:2.3:a:umbraco:umbraco_cms:10.4.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.4.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.4.2
-
cpe:2.3:a:umbraco:umbraco_cms:10.5.0
-
cpe:2.3:a:umbraco:umbraco_cms:10.5.1
-
cpe:2.3:a:umbraco:umbraco_cms:10.6.0
-
cpe:2.3:a:umbraco:umbraco_cms:11.0.0
-
cpe:2.3:a:umbraco:umbraco_cms:11.1.0
-
cpe:2.3:a:umbraco:umbraco_cms:11.2.0
-
cpe:2.3:a:umbraco:umbraco_cms:11.2.1
-
cpe:2.3:a:umbraco:umbraco_cms:11.2.2
-
cpe:2.3:a:umbraco:umbraco_cms:11.3.0
-
cpe:2.3:a:umbraco:umbraco_cms:11.3.1
-
cpe:2.3:a:umbraco:umbraco_cms:11.4.0
-
cpe:2.3:a:umbraco:umbraco_cms:12.0.0