CVE-2023-37267

Summary

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

Affected Software

VendorProductVersion RangeStatus
umbracoUmbraco-CMS>= 9.0.0, < 10.6.1affected
umbracoUmbraco-CMS>= 11.0.0, < 11.4.2affected
umbracoUmbraco-CMS= 12.0.0affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References