Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Vulnerability Description
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Umbraco CMS 安全漏洞
Vulnerability Description
Umbraco CMS是丹麦Umbraco公司的一个内容管理系统。 Umbraco CMS 14.0.0版本至14.3.0之前版本存在安全漏洞,该漏洞源于存在访问控制不当问题,允许低权限用户访问webhook API并检索应仅限于有权访问设置部分的用户的信息。
CVSS Information
N/A
Vulnerability Type
N/A