Ecosyste.ms: Advisories


Security Advisories: GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7

Blind SSRF Leads to Port Scan by using Webhooks

Impact

Logs of failing webhook calls are available even when the solution is not in debug mode. Those logs can contain critical information.

Affected Versions

Umbraco versions 13.0.0 - 13.1.1

Patches

13.1.1

Workarounds

Disable the webhooks functionality.

Permalink: https://github.com/advisories/GHSA-74p6-39f2-23v3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 4.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Identifiers: GHSA-74p6-39f2-23v3, CVE-2024-29035
References: Repository: https://github.com/umbraco/Umbraco-CMS
Blast Radius: 1.0

Affected Packages

nuget:Umbraco.Cms.Web.BackOffice
Dependent packages: 616
Dependent repositories: 0
Downloads: 7,748,001 total
Affected Version Ranges: >= 13.0.0, < 13.1.1
Fixed in: 13.1.1
All affected versions: 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0
All unaffected versions: 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0
nuget:Umbraco.Cms.Core
Dependent packages: 271
Dependent repositories: 0
Downloads: 8,977,594 total
Affected Version Ranges: >= 13.0.0, < 13.1.1
Fixed in: 13.1.1
All affected versions: 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0
All unaffected versions: 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0