{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43376", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-09T14:23:55.514Z", "datePublished": "2024-08-20T14:40:20.338Z", "dateUpdated": "2024-08-20T17:40:07.164Z"}, "containers": {"cna": {"title": "Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information", "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "lang": "en", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx"}, {"name": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004", "tags": ["x_refsource_MISC"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004"}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"version": ">= 14.0.0, < 14.1.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-20T14:40:20.338Z"}, "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2."}], "source": {"advisory": "GHSA-77gj-crhp-3gvx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T17:39:49.675110Z", "id": "CVE-2024-43376", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T17:40:07.164Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-20T17:39:49.675110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T17:39:56.172Z"}}], "cna": {"title": "Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information", "source": {"advisory": "GHSA-77gj-crhp-3gvx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"status": "affected", "version": ">= 14.0.0, < 14.1.2"}]}], "references": [{"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx", "name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004", "name": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-08-20T14:40:20.338Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43376", "state": "PUBLISHED", "dateUpdated": "2024-08-20T17:40:07.164Z", "dateReserved": "2024-08-09T14:23:55.514Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-08-20T14:40:20.338Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDE797CA-C733-40BA-96B9-C114B93160F0", "versionEndExcluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2."}, {"lang": "es", "value": "Umbraco es un CMS ASP.NET. Algunos endpoints de la API de administraci\u00f3n pueden devolver informaci\u00f3n de seguimiento de la pila, incluso cuando Umbraco no est\u00e1 en modo de depuraci\u00f3n. Esta vulnerabilidad se soluciona en 14.1.2."}], "id": "CVE-2024-43376", "lastModified": "2024-08-26T18:24:06.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-08-20T15:15:23.277", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}