Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Blind SSRF Leads to Port Scan by using Webhooks
Impact
Logs of failing webhooks are available when the solution is not in debug mode. Those logs can contain critical information.
Affected Versions
Umbraco versions 13.0.0 - 13.1.1
Patches
13.1.1
Workarounds
Disabling webhooks functionality.
Permalink: https://github.com/advisories/GHSA-74p6-39f2-23v3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago
CVSS Score: 4.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
EPSS Percentage: 0.00043
EPSS Percentile: 0.10511
Identifiers: GHSA-74p6-39f2-23v3, CVE-2024-29035
References:
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
- https://nvd.nist.gov/vuln/detail/CVE-2024-29035
- https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
- https://github.com/advisories/GHSA-74p6-39f2-23v3
Blast Radius: 1.0
Affected Packages
nuget:Umbraco.Cms.Web.BackOffice
Dependent packages: 616
Dependent repositories: 0
Downloads: 10,001,607 total
Affected Version Ranges: >= 13.0.0, < 13.1.1
Fixed in: 13.1.1
All affected versions: 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0
All unaffected versions: 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 10.8.7, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 12.3.10, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.3.1, 13.3.2, 13.4.0, 13.4.1, 13.5.0, 13.5.1, 13.5.2
nuget:Umbraco.Cms.Core
Dependent packages: 271
Dependent repositories: 0
Downloads: 11,665,183 total
Affected Version Ranges: >= 13.0.0, < 13.1.1
Fixed in: 13.1.1
All affected versions: 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0
All unaffected versions: 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 10.8.7, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 12.3.10, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.3.1, 13.3.2, 13.4.0, 13.4.1, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 14.3.1, 15.0.0, 15.1.0, 15.1.1