#VU99268 Insufficient Session Expiration in Umbraco CMS - CVE-2024-48926
Published: October 23, 2024
Vulnerability identifier: #VU99268
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-48926
CWE-ID: CWE-613
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Umbraco CMS
Umbraco CMS
Software vendor:
Umbraco
Umbraco
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are.
Remediation
Install updates from vendor's website.