GHSA-hmg4-wwm5-p999: Infoleak
First published: Tue Jan 21 2025(Updated: )
### Impact Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. ### Patches Will be patched in 14.3.2 and 15.1.2. ### Workarounds None available.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/Umbraco.Cms | >=15.0.0<15.1.2 | 15.1.2 |
| nuget/Umbraco.Cms | >=14.0.0<14.3.2 | 14.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hmg4-wwm5-p999
- https://nvd.nist.gov/vuln/detail/CVE-2025-24011
- https://github.com/umbraco/Umbraco-CMS/commit/559c6c9f312df1d6eb1bde82c4b81c0896da6382
- https://github.com/umbraco/Umbraco-CMS/commit/839b6816f2ae3e5f54459a0f09dad6b17e2d1e07
- https://github.com/advisories/GHSA-hmg4-wwm5-p999 (Advisory)
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hmg4-wwm5-p999
- alias/CVE-2025-24011
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/source
- agent/severity
- agent/last-modified-date
- agent/type
- agent/tags
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/nuget