Headline
CVE-2023-49274: SMTP misconfiguration leading to potential registered user email.
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
Package
Umbraco.CMS (NuGet)
Affected versions
> 8.0.0
Patched versions
8.18.10, 10.8.1, 12.3.4+
Description
Impact
A user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled.
Explanation of the vulnerability
To be revealed at a later point in time.
Related news
GHSA-8qp8-9rpw-j46c: SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Impact: A user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled.