CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48925

Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.8%

CVSS Severity

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4gp9-ff99-j6vj

Products affected by CVE-2024-48925

Umbraco » Umbraco Cms » Version: 14.0.0

cpe:2.3:a:umbraco:umbraco_cms:14.0.0
Umbraco » Umbraco Cms » Version: 14.1.0

cpe:2.3:a:umbraco:umbraco_cms:14.1.0
Umbraco » Umbraco Cms » Version: 14.1.1

cpe:2.3:a:umbraco:umbraco_cms:14.1.1
Umbraco » Umbraco Cms » Version: 14.1.2

cpe:2.3:a:umbraco:umbraco_cms:14.1.2
Umbraco » Umbraco Cms » Version: 14.2.0

cpe:2.3:a:umbraco:umbraco_cms:14.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48925

Products

Pricing

Contact Us