CVE-2024-43376

MEDIUM

Umbraco Cms < 14.1.2 - Error Information Exposure

Title source: rule

Description

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

References (2)

[Vendor Advisory] https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

[Patch] https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004

View Patch ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0049

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (2)

nuget/Umbraco.Cms.Api.Management 14.0.0 - 14.1.2NuGet

umbraco/umbraco_cms 14.0.0 - 14.1.2

Published Aug 20, 2024

Tracked Since Feb 18, 2026