What is CVE-2023-49089?

CVE-2023-49089 is a high-severity vulnerability in Umbraco Umbraco-cms, classified under Path Traversal. CVSS score: 7.7/10. Published 2023-12-12.

How severe is CVE-2023-49089?

High severity. CVSS v3 base score is 7.7 out of 10.

Path Traversal in Umbraco Umbraco-cms

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of th…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (30.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Umbraco Umbraco-cms — versions >= 8.0.0, < 8.18.10, >= 9.0.0-rc001, < 10.8.1, >= 11.0.0-rc1, < 12.3.4

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2023-49089?: CVE-2023-49089 is a high-severity vulnerability in Umbraco Umbraco-cms, classified under Path Traversal. CVSS score: 7.7/10. Published 2023-12-12.
How severe is CVE-2023-49089?: High severity. CVSS v3 base score is 7.7 out of 10.