CNNVD-202507-3777 Information

CNNVD ID

CNNVD-202507-3777

CVE-2025-54425

  • CNNVD Published: 2025-07-30

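Description (translated from Chinese)

Umbraco is an open-source content management system (CMS) written in C# by the Danish company Umbraco. Umbraco contains an information disclosure vulnerability. It stems from the cache not varying by the API key header, which may lead to unauthorized access to cached responses. The following versions are affected: 13.0.0 to 13.9.2, 15.0.0 to 15.4.1, and 16.0.0 to 16.1.0.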

Description (English)

Umbraco is an open-source content management system (CMS) developed by the Danish company Umbraco. Umbraco has an information disclosure vulnerability, which stems from the fact that the cache does not vary by the API key header, which may lead to unauthorized access to cached responses. The following versions are affected: 13.0.0 to 13.9.2, 15.0.0 to 15.4.1 and 16.0.0 to 16.1.0.

Hazard Level

High

Vulnerability Type

Information disclosure

Affected Vendor

Umbraco

Published

2025-07-30

Last Modified

2026-02-24

References

  • https://docs.umbraco.com/umbraco-cms/reference/content-delivery-api
  • https://github.com/umbraco/Umbraco-CMS/commit/7e82c258eebaa595eadc9b000461e27d02bc030e
  • https://github.com/umbraco/Umbraco-CMS/commit/9f37db18d11c8ba4e3ecdeb35291af30ebee7cd0
  • https://github.com/umbraco/Umbraco-CMS/commit/da43086017e1e318f6b5373391d78421efebce3a
  • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-75vq-qvhr-7ffr

Patch

https://github.com/umbraco/Umbraco-CMS/releases
