Home > Vulnerability Database > CVE-2024-43376

Mend.io Vulnerability Database

CVE-2024-43376

Good to know:

Date: August 20, 2024

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Language: C#

Severity Score

4.3

Related Resources (5)

Url: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

Url: https://github.com/umbraco/Umbraco-CMS

Url: https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43376

Url: https://www.mend.io/vulnerability-database/CVE-2024-43376

Severity Score

4.3

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

Upgrade Version

Upgrade to version umbraco.cms.api.management - 14.1.2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43376

Good to know:

Date: August 20, 2024

Language: C#

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?