nvd-json-data-feeds/CVE-2024/CVE-2024-433xx/CVE-2024-43376.json

{
  "id": "CVE-2024-43376",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-08-20T15:15:23.277",
  "lastModified": "2024-08-26T18:24:06.530",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2."
    },
    {
      "lang": "es",
      "value": "Umbraco es un CMS ASP.NET. Algunos endpoints de la API de administraci\u00f3n pueden devolver informaci\u00f3n de seguimiento de la pila, incluso cuando Umbraco no est\u00e1 en modo de depuraci\u00f3n. Esta vulnerabilidad se soluciona en 14.1.2."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ]
    },
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "14.0.0",
              "versionEndExcluding": "14.1.2",
              "matchCriteriaId": "DDE797CA-C733-40BA-96B9-C114B93160F0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx",
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`{`
			`"id": "CVE-2024-43376",`
			`"sourceIdentifier": "security-advisories@github.com",`
			`"published": "2024-08-20T15:15:23.277",`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`"lastModified": "2024-08-26T18:24:06.530",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2."`
Auto-Update: 2024-08-25T02:00:16.658760+00:00 2024-08-25 02:03:13 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Umbraco es un CMS ASP.NET. Algunos endpoints de la API de administraci\u00f3n pueden devolver informaci\u00f3n de seguimiento de la pila, incluso cuando Umbraco no est\u00e1 en modo de depuraci\u00f3n. Esta vulnerabilidad se soluciona en 14.1.2."`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`},`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-209"`
			`}`
			`]`
			`},`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-209"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:umbraco:umbraco_cms::::::::",`
			`"versionStartIncluding": "14.0.0",`
			`"versionEndExcluding": "14.1.2",`
			`"matchCriteriaId": "DDE797CA-C733-40BA-96B9-C114B93160F0"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`"references": [`
			`{`
			`"url": "https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004",`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`"source": "security-advisories@github.com",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`},`
			`{`
			`"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx",`
Auto-Update: 2024-08-26T20:00:17.489774+00:00 2024-08-26 20:03:14 +00:00			`"source": "security-advisories@github.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-08-20T16:00:18.583404+00:00 2024-08-20 16:03:15 +00:00			`}`
			`]`
			`}`