CVE-2023-48227: Backoffice User can bypass "Publish" restriction

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users who have the "send for approval" permission but not the "publish" permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contain a patch for this issue. No known workarounds are available.

Package

Umbraco.CMS (NuGet)

Affected versions

> 8.0.0

Patched versions

8.18.10, 10.8.0, 12.3.0

Description

Impact

Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios.

Explanation of the vulnerability

To be revealed at a later point in time.

Related news

GHSA-335x-5wcm-8jv2: Backoffice User can bypass "Publish" restriction

