github - ghsa-7x74-h8cw-qhxq

GHSA-7X74-H8CW-QHXQ

Vulnerability from github – Published: 2023-12-13 13:27 – Updated: 2024-01-12 16:27

Summary

Brute force exploit can be used to collect valid usernames

Details

Impact

A brute force exploit that can be used to collect valid usernames is possible.

Explanation of the vulnerability

It's a brute force exploit that can be used to collect valid usernames by using the “forgot password” function when trying to log into the Backoffice. If the username/email is known, it is easier to find the corresponding password. If an email address that was already used and registered by a user, is provided as an input, the server internal processing time takes longer. If the email address does not exist in the database of the registered users, the server would respond immediately.

Severity ?

0.0 (None)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Umbraco.CMS"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.18.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Umbraco.CMS"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "10.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Umbraco.CMS"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "12.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-13T13:27:06Z",
    "nvd_published_at": "2023-12-12T20:15:08Z",
    "severity": "LOW"
  },
  "details": "#### Impact\nA brute force exploit that can be used to collect valid usernames is possible.\n\n#### Explanation of the vulnerability \nIt\u0027s a brute force exploit that can be used to collect valid usernames by using the \u201cforgot password\u201d function when trying to log into the Backoffice.\nIf the username/email is known, it is easier to find the corresponding password.\nIf an email address that was already used and registered by a user, is provided as an input, the server internal processing time takes longer.\nIf the email address does not exist in the database of the registered users, the server would respond immediately.",
  "id": "GHSA-7x74-h8cw-qhxq",
  "modified": "2024-01-12T16:27:48Z",
  "published": "2023-12-13T13:27:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49278"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/umbraco/Umbraco-CMS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": " Brute force exploit can be used to collect valid usernames"
}

CVE-2023-49278 (GCVE-0-2023-49278)

Vulnerability from cvelistv5 – Published: 2023-12-12 19:14 – Updated: 2024-10-08 14:33

Summary

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-307 - Improper Restriction of Excessive Authentication Attempts

Assigner

GitHub_M

References

URL

Tags

https://github.com/umbraco/Umbraco-CMS/security/a…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	umbraco	Umbraco-CMS	Affected: >= 8.0.0, < 8.18.10 Affected: >= 9.0.0-rc001, < 10.8.1 Affected: >= 11.0.0-rc1, < 12.3.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:53:44.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T16:27:06.065202Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:33:55.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Umbraco-CMS",
          "vendor": "umbraco",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.18.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-rc001, \u003c 10.8.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0-rc1, \u003c 12.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T19:14:02.789Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq"
        }
      ],
      "source": {
        "advisory": "GHSA-7x74-h8cw-qhxq",
        "discovery": "UNKNOWN"
      },
      "title": "Umbraco CMS brute force exploit can be used to collect valid usernames"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49278",
    "datePublished": "2023-12-12T19:14:02.789Z",
    "dateReserved": "2023-11-24T16:45:24.311Z",
    "dateUpdated": "2024-10-08T14:33:55.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted