CVE-2023-49279

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

U

mbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.

References

Link	Resource
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation	Product
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2	Vendor Advisory
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation	Product
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::
	cpe:2.3:a:umbraco:umbraco_cms::::::::

History

21 Nov 2024, 08:33

Type	Values Removed	Values Added
References	~~() https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation - Product~~	() https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation - Product
References	~~() https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2 - Vendor Advisory~~	() https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 3.7

Information

Published : 2023-12-12 20:15

Updated : 2024-11-21 08:33

NVD link : CVE-2023-49279

Mitre link : CVE-2023-49279

CVE.ORG link : CVE-2023-49279

JSON object : View

Products Affected

umbraco_cms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-49279", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-12-12T20:15:08.390", "references": [{"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}, {"lang": "es", "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 7.0.0 y anteriores a las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0, un usuario con acceso al backoffice puede cargar archivos SVG que incluyan scripts. Si el usuario puede enga\u00f1ar a otro usuario para que cargue los medios directamente en un navegador, los scripts se pueden ejecutar. Las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0 contienen un parche para este problema. Algunas soluciones est\u00e1n disponibles. Implemente la validaci\u00f3n de archivos del lado del servidor o proporcione todos los medios desde un host diferente (por ejemplo, cdn) al que est\u00e1 alojado Umbraco."}], "lastModified": "2024-11-21T08:33:10.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F339F5B2-A184-4105-8BC9-D3FD1B793271", "versionEndExcluding": "7.15.11", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "185C2350-DA24-42EE-885E-39DAACBFB294", "versionEndExcluding": "8.18.9", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE39433E-172C-42F4-BD74-31FA96A8FF05", "versionEndExcluding": "10.7.0", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E68D9FA-67C8-456C-926E-36E76A7B77B9", "versionEndExcluding": "11.5.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6842FACF-64C1-40A1-9B7A-ADF855867C3C", "versionEndExcluding": "12.2.0", "versionStartIncluding": "12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}