CVE-2024-29035 Vulnerability Details

  /     /     /  

CVE-2024-29035 Metadata Quick Info

CVE Published: 17/04/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: umbraco | Product: Umbraco-CMS
Status : PUBLISHED

CVE-2024-29035 Description

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

Metrics

CVSS Version: 3.1 | Base Score: 4.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-918
CWE Name: CWE-918: Server-Side Request Forgery (SSRF)
Source: umbraco

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).