CVE-2023-37267 - OpenCVE

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Umbraco	Umbraco Cms

Configuration 1 [-]

OR	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::

No data.

References

Link	Providers
https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e
https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569
https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-13T13:43:59.383Z

Updated: 2024-08-02T17:09:33.811Z

Reserved: 2023-06-29T19:35:26.438Z

Link: CVE-2023-37267

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-13T14:15:09.427

Modified: 2023-07-25T18:57:24.717

Link: CVE-2023-37267

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37267", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-29T19:35:26.438Z", "datePublished": "2023-07-13T13:43:59.383Z", "dateUpdated": "2024-08-02T17:09:33.811Z"}, "containers": {"cna": {"title": "Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e", "tags": ["x_refsource_MISC"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569", "tags": ["x_refsource_MISC"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed", "tags": ["x_refsource_MISC"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed"}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"version": ">= 9.0.0, < 10.6.1", "status": "affected"}, {"version": ">= 11.0.0, < 11.4.2", "status": "affected"}, {"version": "= 12.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-13T13:43:59.383Z"}, "descriptions": [{"lang": "en", "value": "Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1."}], "source": {"advisory": "GHSA-h8wc-r4jh-mg7m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.811Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "841B2B22-690A-4EA6-AF97-C2C4F17825A5", "versionEndExcluding": "10.6.1", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDC616B7-2605-4852-9198-ACFDD02EC4DD", "versionEndExcluding": "11.4.2", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "50859076-CC8D-4B69-AD2F-7AF958CF6D2D", "versionEndExcluding": "12.0.1", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1."}], "id": "CVE-2023-37267", "lastModified": "2023-07-25T18:57:24.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-13T14:15:09.427", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}