An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cDMtdmZ3dy04NjQ4

Severity: Moderate
EPSS: 0.00187% (0.41122 Percentile)

Incorrect permission enforcement in UmbracoCms

Affected package: nuget:UmbracoCms
PURL: pkg:nuget/UmbracoCms
Affected versions: < 8.10.0
Fixed versions: 8.10.0
32 Dependent packages
0 Dependent repositories
6,721,983 Downloads total

Affected Version Ranges

All affected versions

4.7.2, 4.8.0, 4.8.0-beta, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.10.0-beta, 4.10.0-rc, 4.10.1, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.11.7, 4.11.8, 4.11.9, 4.11.10, 6.0.0, 6.0.0-RC, 6.0.0-beta, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.1.0, 6.1.0-beta, 6.1.0-beta-2, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.2.0, 6.2.0-RC, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 7.0.0, 7.0.0-RC, 7.0.0-alpha, 7.0.0-beta, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1.0, 7.1.0-RC, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.0-RC, 7.2.0-beta, 7.2.0-beta2, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.5-RC, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.3.0, 7.3.0-RC, 7.3.0-beta, 7.3.0-beta2, 7.3.0-beta3, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.4.0, 7.4.0-RC1, 7.4.0-beta, 7.4.0-beta2, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.5.0, 7.5.0-beta, 7.5.0-beta2, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.5.7, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 7.5.12, 7.5.13, 7.5.14, 7.5.15, 7.6.0, 7.6.0-RC, 7.6.0-beta, 7.6.1, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.6.9, 7.6.10, 7.6.11, 7.6.12, 7.6.13, 7.6.14, 7.7.0, 7.7.0-beta, 7.7.1, 7.7.2, 7.7.3, 7.7.4, 7.7.5, 7.7.6, 7.7.7, 7.7.8, 7.7.9, 7.7.10, 7.7.11, 7.7.12, 7.7.13, 7.7.14, 7.8.0, 7.8.0-beta, 7.8.1, 7.8.2, 7.8.3, 7.8.4, 7.9.0, 7.9.1, 7.9.2, 7.9.3, 7.9.4, 7.9.5, 7.9.6, 7.9.7, 7.10.0, 7.10.1, 7.10.2, 7.10.3, 7.10.4, 7.10.5, 7.10.6, 7.11.0, 7.11.1, 7.11.2, 7.11.3, 7.12.0, 7.12.1, 7.12.2, 7.12.3, 7.12.4, 7.12.5, 7.13.0, 7.13.1, 7.13.2, 7.13.3, 7.14.0, 7.14.1, 7.15.0, 7.15.1, 7.15.2, 7.15.3, 7.15.4, 7.15.5, 7.15.6, 7.15.7, 7.15.8, 7.15.9, 7.15.10, 7.15.11, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.2.0, 8.2.0-rc, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.4.0, 8.4.0-rc, 8.4.1, 8.4.2, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.6.0, 8.6.0-rc, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.6.5, 8.6.6, 8.6.7, 8.6.8, 8.7.0, 8.7.0-rc, 8.7.1, 8.7.2, 8.7.3, 8.8.0, 8.8.0-rc, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.9.0, 
8.9.0-rc, 8.9.1, 8.9.2, 8.9.3

All unaffected versions

8.10.0, 8.10.1, 8.10.2, 8.10.3, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.13.0, 8.13.1, 8.14.0, 8.14.1, 8.14.2, 8.14.3, 8.14.4, 8.15.0, 8.15.1, 8.15.2, 8.15.3, 8.16.0, 8.17.0, 8.17.1, 8.17.2, 8.18.0, 8.18.1, 8.18.2, 8.18.3, 8.18.4, 8.18.5, 8.18.6, 8.18.7, 8.18.8, 8.18.9, 8.18.10, 8.18.11, 8.18.12, 8.18.13, 8.18.14, 8.18.15

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
