CVE-2024-43377

MEDIUM

Umbraco CMS 14.0.0-14.1.1 - Authenticated Improper Access Control

Title source: llm

Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.

Core 2

Core References

Vendor Advisory x_refsource_confirm

Patch x_refsource_misc

CVSS v3 5.4

EPSS 0.0042

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-284

Status published

Products (2)

nuget/Umbraco.Cms 14.0.0 - 14.1.2NuGet

umbraco/umbraco_cms 14.0.0 - 14.1.2

Published Aug 20, 2024

Tracked Since Feb 18, 2026