Umbraco Improper API Access Control Vulnerability in API Management Package Allowing Low-Privilege User Modifications

Vulnerability

A vulnerability exists in Umbraco's API management package, specifically in versions prior to 15.2.3 and 14.3.3. The issue stems from improper API access control, which enables low-privilege, authenticated users to create and update data type information. This functionality should be reserved for users with access to the settings section.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of data type information by low-privilege users.

Remediation

Users can upgrade to Umbraco versions 15.2.3 or 14.3.3 to address this vulnerability.
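To find installations that still need the upgrade, the version thresholds above can be applied to an inventory. The following is an added example, not code from Umbraco or from this advisory; the site names and versions in `SAMPLE` are constructed, and two choices are assumptions: majors other than 14 and 15 are reported as "unknown" because the advisory names no fixed release for them, and a pre-release of a fixed version is treated as affected.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {14: (14, 3, 3), 15: (15, 2, 3)}

def parse_version(text):
    """Return (major, minor, patch, is_prerelease), or None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+\S+)?\s*", text)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, m.group(4) is not None

def classify(text):
    """Classify a version string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    major, minor, patch, prerelease = parsed
    fixed = FIXED.get(major)
    if fixed is None:
        # Assumption: the advisory lists only 14.x and 15.x fix lines,
        # so other majors need a manual check.
        return "unknown"
    core = (major, minor, patch)  # compared numerically, so 15.10.0 > 15.2.3
    if core < fixed:
        return "affected"
    if core == fixed and prerelease:
        # Assumption: a pre-release sorts before the fixed release (SemVer).
        return "affected"
    return "fixed"

def triage(inventory):
    """Group site names by status; each list is sorted."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for site, version in inventory.items():
        result[classify(version)].append(site)
    return {status: sorted(sites) for status, sites in result.items()}

# Constructed sample inventory (site names and versions are made up).
SAMPLE = {
    "intranet": "15.2.2", "shop": "15.2.3", "blog": "14.3.2",
    "docs": "14.3.3", "staging": "15.2.3-rc1", "legacy": "13.5.0",
    "broken": "n/a",
}

if __name__ == "__main__":
    for status, sites in triage(SAMPLE).items():
        print(f"{status}: {', '.join(sites) or '-'}")
```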

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.