CVE-2023-48227

Summary

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.

Affected Software

VendorProductVersion RangeStatus
umbracoUmbraco-CMS>= 8.0.0, < 8.18.10affected
umbracoUmbraco-CMS>= 9.0.0-rc001, < 10.7.0affected
umbracoUmbraco-CMS>= 11.0.0-rc1, < 12.3.0affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References