GHSA-9x4v-xfq5-m8x5: Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)

GHSA-mj4v-hp69-27x5: Plenti  - Code Injection - Denial of Services

GHSA-vqv5-385r-2hf8: Contrast's unauthenticated recovery allows Coordinator impersonation

GHSA-g6qq-c9f9-2772: Keycloak on Quarkus CLI option for encrypted JGroups ignored

GHSA-79f6-p65j-3m2m: MobSF Local Privilege Escalation

### Impact
A user enumeration attack is possible.

### Affected versions
Umbraco 10 with access to the native login screen

### Patches
This is fixed in 10.8.5


### Workarounds
Disabling the native login screen, by exclusively use external logins.




**Package**

nuget UmbracoCMS (NuGet)

**Affected versions**

\>= 10.0.0, < 10.8.5

**Patched versions**

10.8.5

**Description**

**Impact**

A user enumeration attack is possible.

**Affected versions**

Umbraco 10 with access to the native login screen

**Patches**

This is fixed in 10.8.5

**Workarounds**

Disabling the native login screen, by exclusively use external logins.

**References**

*   GHSA-552f-97wf-pmpq
*   umbraco/Umbraco-CMS@7e1d1a1

 bergmania published to umbraco/Umbraco-CMS

Mar 20, 2024

Published to the GitHub Advisory Database

Mar 20, 2024

Reviewed

Mar 20, 2024

Headline

GHSA-552f-97wf-pmpq: Umbraco possible user enumeration

Impact

Affected versions

Patches

Workarounds

ghsa: Latest News