CVE-2024-34071: Umbraco CMS Open Redirect Bypass Protection
(updated )
Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.
References
- github.com/advisories/GHSA-j74q-mv2c-rxmp
- github.com/umbraco/Umbraco-CMS
- github.com/umbraco/Umbraco-CMS/commit/5f24de308584b9771240a6db1a34630a5114c450
- github.com/umbraco/Umbraco-CMS/commit/c17d4e1a600098ec524e4126f4395255476bc33f
- github.com/umbraco/Umbraco-CMS/commit/c8f71af646171074c13e5c34f74312def4512031
- github.com/umbraco/Umbraco-CMS/commit/d8df405db4ea884bb4b96f088d10d9a2070cf024
- github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-j74q-mv2c-rxmp
- nvd.nist.gov/vuln/detail/CVE-2024-34071
Code Behaviors & Features
Detect and mitigate CVE-2024-34071 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →