Session Termination Flaw in Umbraco Content Management System
CVE-2024-48929

4.2 MEDIUM

Key Information:

Vendor: Umbraco
CVE Published: 22 October 2024

What is CVE-2024-48929?

A vulnerability exists in specific versions of Umbraco, a popular open-source .NET content management system, where the server session is not properly terminated upon explicit sign-out. This flaw affects Umbraco versions in the 13.x branch before 13.5.2 and the 10.x branch before 10.8.7, potentially allowing unintended access to user sessions. It is crucial for users of the affected versions to apply the latest patches to mitigate potential security risks. For detailed information, please refer to the advisory available on the official Umbraco GitHub page.

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
