Vulnerability in Umbraco Umbraco-cms
CVE-2023-37267
Umbraco is an ASP.NET CMS. Under rare conditions, a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
EPSS: 0.004 (62.2th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Umbraco Umbraco-cms — versions >= 9.0.0 and < 10.6.1; >= 11.0.0 and < 11.4.2; = 12.0.0
Weakness classification (CWE)
References
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m (x_refsource_CONFIRM)
- https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e (x_refsource_MISC)
- https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569 (x_refsource_MISC)
- https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed (x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-37267?
  CVE-2023-37267 is a high-severity vulnerability in Umbraco Umbraco-cms, classified under Improper Access Control. CVSS score: 7.5/10. Published 2023-07-13.
- How severe is CVE-2023-37267?
  High severity. CVSS v3 base score is 7.5 out of 10.