CVE-2024-29035: Blind SSRF Leads to Port Scan by using Webhooks

April 17, 2024 (updated February 12, 2025)

Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.

References

github.com/advisories/GHSA-74p6-39f2-23v3
github.com/umbraco/Umbraco-CMS
github.com/umbraco/Umbraco-CMS/commit/6b8067815c02ae43161966a8075a3585e1bc4de0
github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-74p6-39f2-23v3
nvd.nist.gov/vuln/detail/CVE-2024-29035

Detect and mitigate CVE-2024-29035 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →