CVE-2023-49279 - OpenCVE

Vendors	Products
Umbraco	Umbraco Cms

Link	Resource
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation	Product
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2	Vendor Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-49279", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-24T16:45:24.311Z", "datePublished": "2023-12-12T19:35:05.931Z", "dateUpdated": "2023-12-12T19:35:05.931Z"}, "containers": {"cna": {"title": "Umbraco CMS vulnerable to stored XSS via SVG File Upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"}, {"name": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "tags": ["x_refsource_MISC"], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}], "affected": [{"vendor": "umbraco", "product": "Umbraco-CMS", "versions": [{"version": ">= 7.0.0, < 7.15.11", "status": "affected"}, {"version": ">= 8.0.0, < 8.18.9", "status": "affected"}, {"version": ">= 9.0.0-rc001, < 10.7.0", "status": "affected"}, {"version": ">= 11.0.0-rc1, < 11.5.0", "status": "affected"}, {"version": ">= 12.0.0-rc1, < 12.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-12T19:35:05.931Z"}, "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}], "source": {"advisory": "GHSA-6xmx-85x3-4cv2", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "F339F5B2-A184-4105-8BC9-D3FD1B793271", "versionEndExcluding": "7.15.11", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "185C2350-DA24-42EE-885E-39DAACBFB294", "versionEndExcluding": "8.18.9", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE39433E-172C-42F4-BD74-31FA96A8FF05", "versionEndExcluding": "10.7.0", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E68D9FA-67C8-456C-926E-36E76A7B77B9", "versionEndExcluding": "11.5.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "6842FACF-64C1-40A1-9B7A-ADF855867C3C", "versionEndExcluding": "12.2.0", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted."}, {"lang": "es", "value": "Umbraco es un sistema de gesti\u00f3n de contenidos (CMS) ASP.NET. A partir de la versi\u00f3n 7.0.0 y anteriores a las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0, un usuario con acceso al backoffice puede cargar archivos SVG que incluyan scripts. Si el usuario puede enga\u00f1ar a otro usuario para que cargue los medios directamente en un navegador, los scripts se pueden ejecutar. Las versiones 7.15.11, 8.18.9, 10.7.0, 11.5.0 y 12.2.0 contienen un parche para este problema. Algunas soluciones est\u00e1n disponibles. Implemente la validaci\u00f3n de archivos del lado del servidor o proporcione todos los medios desde un host diferente (por ejemplo, cdn) al que est\u00e1 alojado Umbraco."}], "id": "CVE-2023-49279", "lastModified": "2023-12-15T18:36:38.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-12T20:15:08.390", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

JSON object

JSON object

JSON object