Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Vulnerability Description
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by insufficient authorization enforcement on the affected API endpoint, whereby via an API call, domains can be set on content nodes that the editor does not have permission to access (either via user group privileges or start nodes). This vulnerability is fixed in 16.5.1 and 17.2.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Umbraco 安全漏洞
Vulnerability Description
Umbraco是丹麦Umbraco公司的一套C#编写的开源的内容管理系统(CMS)。 Umbraco 14.0.0版本至16.5.1之前版本和17.2.2之前版本存在安全漏洞,该漏洞源于后台API端点授权执行不足,可能导致未经授权设置内容节点域。
CVSS Information
N/A
Vulnerability Type
N/A