{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:27:13.436","vulnerabilities":[{"cve":{"id":"CVE-2023-49089","sourceIdentifier":"security-advisories@github.com","published":"2023-12-12T19:15:07.840","lastModified":"2024-11-21T08:32:47.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue."},{"lang":"es","value":"Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. A partir de la versión 8.0.0 y anteriores a las versiones 8.18.10, 10.8.1 y 12.3.0, los usuarios de Backoffice con permisos para crear paquetes pueden utilizar el path traversal y, por lo tanto, escribir fuera de la ubicación esperada. Las versiones 8.18.10, 10.8.1 y 12.3.0 contienen un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.18.10","matchCriteriaId":"FAFFD03D-00A2-4AA4-A727-FA10CFC1446F"},{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.8.1","matchCriteriaId":"03FE24B3-A0E4-4235-B990-51E9B6F877F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.3.0","matchCriteriaId":"C6F87B7F-5070-4696-983D-42326E61B2E6"}]}]}],"references":[{"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}