CVE-2023-49279 - OpenCVE

Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Umbraco	Umbraco Cms

Configuration 1 [-]

OR	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::

No data.

References

Link	Providers
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-12T19:35:05.931Z

Updated: 2024-08-28T14:43:18.346Z

Reserved: 2023-11-24T16:45:24.311Z

Link: CVE-2023-49279

Vulnrichment

Updated: 2024-08-02T21:53:45.340Z

NVD

Status : Analyzed

Published: 2023-12-12T20:15:08.390

Modified: 2023-12-15T18:36:38.653

Link: CVE-2023-49279

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49279", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-24T16:45:24.311Z", "datePublished": "2023-12-12T19:35:05.931Z", "dateUpdated": "2024-08-28T14:43:18.346Z"}, "containers": {"cna": {"title": "Umbraco CMS vulnerable to stored XSS via SVG File Upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"}, {"name": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["x_refsource_MISC"], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"version": ">= 7.0.0, < 7.15.11", "status": "affected"}, {"version": ">= 8.0.0, < 8.18.9", "status": "affected"}, {"version": ">= 9.0.0-rc001, < 10.7.0", "status": "affected"}, {"version": ">= 11.0.0-rc1, < 11.5.0", "status": "affected"}, {"version": ">= 12.0.0-rc1, < 12.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-12T19:35:05.931Z"}, "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}], "source": {"advisory": "GHSA-6xmx-85x3-4cv2", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:53:45.340Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"}, {"name": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T14:43:05.811093Z", "id": "CVE-2023-49279", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:43:18.346Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "name": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:53:45.340Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T14:43:05.811093Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:43:14.383Z"}}], "cna": {"title": "Umbraco CMS vulnerable to stored XSS via SVG File Upload", "source": {"advisory": "GHSA-6xmx-85x3-4cv2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.15.11"}, {"status": "affected", "version": ">= 8.0.0, < 8.18.9"}, {"status": "affected", "version": ">= 9.0.0-rc001, < 10.7.0"}, {"status": "affected", "version": ">= 11.0.0-rc1, < 11.5.0"}, {"status": "affected", "version": ">= 12.0.0-rc1, < 12.2.0"}]}], "references": [{"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "name": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-12T19:35:05.931Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49279", "state": "PUBLISHED", "dateUpdated": "2024-08-28T14:43:18.346Z", "dateReserved": "2023-11-24T16:45:24.311Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-12-12T19:35:05.931Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "F339F5B2-A184-4105-8BC9-D3FD1B793271", "versionEndExcluding": "7.15.11", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "185C2350-DA24-42EE-885E-39DAACBFB294", "versionEndExcluding": "8.18.9", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE39433E-172C-42F4-BD74-31FA96A8FF05", "versionEndExcluding": "10.7.0", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E68D9FA-67C8-456C-926E-36E76A7B77B9", "versionEndExcluding": "11.5.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "6842FACF-64C1-40A1-9B7A-ADF855867C3C", "versionEndExcluding": "12.2.0", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}, {"lang": "es", "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 7.0.0 y anteriores a las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0, un usuario con acceso al backoffice puede cargar archivos SVG que incluyan scripts. Si el usuario puede enga\u00f1ar a otro usuario para que cargue los medios directamente en un navegador, los scripts se pueden ejecutar. Las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0 contienen un parche para este problema. Algunas soluciones est\u00e1n disponibles. Implemente la validaci\u00f3n de archivos del lado del servidor o proporcione todos los medios desde un host diferente (por ejemplo, cdn) al que est\u00e1 alojado Umbraco."}], "id": "CVE-2023-49279", "lastModified": "2023-12-15T18:36:38.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-12T20:15:08.390", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}