SB2023121358 - Multiple vulnerabilities in Umbraco CMS
Published: December 13, 2023
Description
This security bulletin contains information about 4 vulnerabilities.
1) Information Exposure Through an Error Message (CVE-ID: CVE-2023-49278)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists because brute-force protection is missing. An unauthenticated remote attacker can repeatedly probe the website and enumerate valid usernames.
2) Path traversal (CVE-ID: CVE-2023-49089)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in the backoffice component. An authenticated remote user with permission to create packages can send a specially crafted HTTP request and write arbitrary files outside of the expected location.
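The defect class in 2) is a file name taken from the request and joined onto a destination directory without checking where the result ends up. The following is an added example, not Umbraco's code: it puts the vulnerable join beside the hardened one. The directory name `PACKAGE_DIR` is a placeholder, not a real Umbraco path. Backslashes are treated as separators because the application may run on Windows, and the containment check uses `commonpath` rather than a string prefix so a sibling directory such as `packages-evil` cannot pass.

```python
"""Confining a user-controlled file name to a base directory (added example)."""
import os

# Hypothetical destination directory for generated packages; not a real Umbraco path.
PACKAGE_DIR = "/var/www/site/App_Data/packages"


class PathTraversalError(ValueError):
    """Raised when a supplied name would resolve outside the base directory."""


def unsafe_target(base_dir: str, name: str) -> str:
    """Vulnerable pattern: trust the supplied name and join it onto the base.

    '../' segments (or an absolute path) let the caller pick any location.
    The path is normalised so the escape is visible in the return value.
    """
    return os.path.normpath(os.path.join(base_dir, name))


def safe_target(base_dir: str, name: str) -> str:
    """Hardened pattern: resolve the path, then prove it is still inside base_dir.

    1. Reject NUL bytes (they truncate names in some native file APIs).
    2. Treat backslash as a separator too: on Windows '..\\..\\x' traverses,
       while a POSIX-only normaliser would treat it as a plain file name.
    3. Reject absolute paths; only relative names are meaningful here.
    4. Canonicalise both sides (realpath follows symlinks) and compare with
       commonpath, a component-wise check that is not fooled by a sibling
       directory sharing a string prefix (e.g. '.../packages-evil').
    """
    if "\x00" in name:
        raise PathTraversalError("NUL byte in file name")
    normalised = name.replace("\\", "/")
    if normalised.startswith("/") or os.path.isabs(normalised):
        raise PathTraversalError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalised))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{name!r} resolves outside {base_dir}")
    return candidate


def is_confined(base_dir: str, name: str) -> bool:
    """True if safe_target accepts the name, False if it is rejected."""
    try:
        safe_target(base_dir, name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    for candidate in ["my-package/package.xml", "../../web.config",
                      "..\\..\\web.config", "/etc/passwd", "sub/../../x"]:
        print(f"{candidate!r:26} unsafe -> {unsafe_target(PACKAGE_DIR, candidate)}"
              f"   confined? {is_confined(PACKAGE_DIR, candidate)}")
```

Note that `sub/../x` is accepted while `sub/../../x` is not: the check is on where the name finally resolves, not on whether it contains `..`, so legitimate names are not rejected and encoded variants that normalise to an escape still are.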
3) Information exposure through an error message (CVE-ID: CVE-2023-49274)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to enumerate registered users.
The vulnerability exists due to an incorrect implementation of the password reset feature when SMTP is not set up correctly: the response to a reset request reveals whether the supplied account exists. A remote attacker can use this to enumerate registered users.
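Items 1) and 3) are both account-enumeration oracles: some observable difference (status code, response body, or timing) tells an unauthenticated client whether an account exists. The following added example, not Umbraco's code, shows how to probe for such an oracle and what a non-leaking password reset handler looks like. Both handlers, the user directory and the latencies are constructed; the leaky handler models a reset flow whose SMTP failure is reflected to the client, and `elapsed_ms` models the cost of each code path where a real probe would measure wall-clock time. The probe applies equally to a login endpoint (existing user with a wrong password versus non-existent user); the hardening shown is the uniform-response pattern for the reset flow.

```python
"""Detecting, and closing, an account-enumeration oracle (added example)."""
from dataclasses import dataclass
import statistics

# Constructed user directory; the addresses are placeholders, not real data.
DIRECTORY = {"editor@example.test", "admin@example.test"}


@dataclass(frozen=True)
class Observation:
    """What an unauthenticated client can observe about one request."""
    status: int
    body: str
    elapsed_ms: float


def leaky_reset(email: str, smtp_configured: bool) -> Observation:
    """Vulnerable shape (constructed, not the vendor's code): every internal
    branch is visible to the client. elapsed_ms models the cost of the path
    taken; a real probe would measure wall-clock time."""
    if email not in DIRECTORY:
        return Observation(404, "No account with that email", 5.0)
    if not smtp_configured:
        return Observation(500, "Could not send email: SMTP is not configured", 10.0)
    return Observation(200, "A password reset email has been sent", 150.0)


def uniform_reset(email: str, smtp_configured: bool,
                  outbox: list, log: list) -> Observation:
    """Hardened shape: identical status, body and cost on every path. Whether
    the account exists and whether SMTP works are recorded server-side only
    (outbox / log) and never reflected to the client."""
    if email in DIRECTORY:
        if smtp_configured:
            outbox.append((email, "reset-token"))   # queued, sent asynchronously
        else:
            log.append(f"reset requested for {email} but SMTP is not configured")
    return Observation(200, "If that account exists, a reset link has been sent.", 5.0)


def enumeration_channels(known: list, unknown: list,
                         timing_tolerance_ms: float = 50.0) -> list:
    """Name the channels that distinguish an existing account from a
    non-existent one; an empty list means no oracle was observed. Medians
    over several samples keep one slow request from producing a false
    timing hit."""
    channels = []
    if {o.status for o in known} != {o.status for o in unknown}:
        channels.append("status")
    if {o.body for o in known} != {o.body for o in unknown}:
        channels.append("body")
    if abs(statistics.median(o.elapsed_ms for o in known)
           - statistics.median(o.elapsed_ms for o in unknown)) > timing_tolerance_ms:
        channels.append("timing")
    return channels


def probe(handler, known_email: str, unknown_email: str, samples: int = 5) -> list:
    """Drive a handler with one existing and one non-existent address and
    report the distinguishing channels."""
    known = [handler(known_email) for _ in range(samples)]
    unknown = [handler(unknown_email) for _ in range(samples)]
    return enumeration_channels(known, unknown)


def audit(smtp_configured: bool) -> dict:
    """Run the probe against both handlers under one SMTP configuration."""
    outbox, log = [], []
    return {
        "leaky": probe(lambda e: leaky_reset(e, smtp_configured),
                       "editor@example.test", "nobody@example.test"),
        "uniform": probe(lambda e: uniform_reset(e, smtp_configured, outbox, log),
                         "editor@example.test", "nobody@example.test"),
        "uniform_outbox": len(outbox),
        "uniform_log": len(log),
    }


if __name__ == "__main__":
    for smtp in (True, False):
        print(f"SMTP configured={smtp}: {audit(smtp)}")
```

With SMTP misconfigured the leaky handler is distinguishable by status and body; with SMTP working it additionally leaks through timing, because sending the mail synchronously is slower than rejecting an unknown address. The uniform handler is indistinguishable in both configurations, and the misconfiguration still surfaces to operators through the server-side log rather than to the client.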
4) Improper access control (CVE-ID: CVE-2023-49273)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user with Editor privileges can bypass the implemented security restrictions and gain access to functionality that is not meant to be available to that role.
Remediation
Install the updates from the vendor's website.
References
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8