Home > Vulnerability Database > CVE-2024-29035

Mend.io Vulnerability Database

CVE-2024-29035

Good to know:

Date: April 17, 2024

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

Language: C#

Severity Score

4.1

Related Resources (4)

Url: https://github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29035

Url: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3

Url: https://www.mend.io/vulnerability-database/CVE-2024-29035

Severity Score

4.1

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version Umbraco.Cms.Web.BackOffice - 13.1.1

Learn More

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29035

Good to know:

Date: April 17, 2024

Language: C#

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?