SB20240417161 - Improper access control in Umbraco CMS




Published: April 17, 2024 Updated: May 5, 2026

Security Bulletin ID SB20240417161
CSH Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2024-29035)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in webhook logs when accessing failing webhook log entries while the application is not in debug mode. A remote privileged user can view webhook logs and disclose sensitive information.

The exposed logs can contain critical information.


Remediation

Install the update from the vendor's website.