Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-49089: Possible Path traversal when creating packages from backoffice

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.

CVE
Open in Source
#vulnerability#asp.net

Package

nuget Umbraco.CMS (NuGet)

Affected versions

> 8.0.0

Patched versions

8.18.10, 10.8.1, 12.3.4+

Description

Impact

Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.

Explanation of the vulnerability

To be revealed at a later point in time.

Related news

GHSA-6324-52pr-h4p5: Using the directory back payload (“/../”) in a package name allows placement of package in other folders.

#### Impact Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE