Vulnerability Description
Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Umbraco | Umbraco Cms | >= 10.0.0, < 10.6.1 |
Related Weaknesses (CWE)
References
- https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb04 (Patch)
- https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644 (Patch)
- https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b1802 (Patch)
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m (Vendor Advisory)
FAQ
What is CVE-2023-37267?
CVE-2023-37267 is a vulnerability with a CVSS score of 7.5 (HIGH). Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0....
How severe is CVE-2023-37267?
CVE-2023-37267 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-37267?
Check the references section above for vendor advisories and patch information. Affected products include: Umbraco Umbraco Cms.