Improper access control in Umbraco CMS - CVE-2024-29035

 


Published: April 17, 2024 / Updated: May 5, 2026


Vulnerability identifier: #VU130184
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-29035
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Umbraco
Affected software: Umbraco CMS

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in webhook logs when accessing failing webhook log entries while the application is not in debug mode. A remote privileged user can view webhook logs to disclose sensitive information.

The exposed logs can contain critical information.


How to mitigate CVE-2024-29035

Install the security update from the vendor's website.
