216.73.217.176

CVE-2024-48926

· Published 22/10/2024 16:15 · Modified 25/10/2024 16:19

Labels: CVE-2024-48926 2024-10-22CVE-2024-48926CWE-613[email protected]

Essential information

Published
22/10/2024 16:15
Modified
25/10/2024 16:19
Author
Creator
CVSS
3.1 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS metrics

Description

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
umbraco / umbraco cms cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
umbraco / umbraco cms cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
umbraco / umbraco cms cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

References