What is CVE-2023-49278?

CVE-2023-49278 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Information Disclosure. CVSS score: 5.3/10. Published 2023-12-12.

How severe is CVE-2023-49278?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Information disclosure in Umbraco Umbraco-cms

CVE-2023-49278

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain…

Vulnerability class: Information Disclosure

EPSS: 0.003 (54.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Umbraco Umbraco-cms — versions >= 8.0.0, < 8.18.10, >= 9.0.0-rc001, < 10.8.1, >= 11.0.0-rc1, < 12.3.4

Weakness classification (CWE)

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2023-49278?: CVE-2023-49278 is a medium-severity vulnerability in Umbraco Umbraco-cms, classified under Information Disclosure. CVSS score: 5.3/10. Published 2023-12-12.
How severe is CVE-2023-49278?: Medium severity. CVSS v3 base score is 5.3 out of 10.