{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T19:02:01.346","vulnerabilities":[{"cve":{"id":"CVE-2024-48925","sourceIdentifier":"security-advisories@github.com","published":"2024-10-22T16:15:07.853","lastModified":"2024-10-25T14:12:18.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch."},{"lang":"es","value":"Umbraco, un sistema de gestión de contenido .NET gratuito y de código abierto, tiene un problema de control de acceso incorrecto a partir de la versión 14.0.0 y anteriores a la versión 14.3.0. El problema permite que los usuarios con pocos privilegios accedan a la API de webhook y recuperen información que debería estar restringida a los usuarios con acceso a la sección de configuración. La versión 14.3.0 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.3.0","matchCriteriaId":"C572B30F-163B-4133-98A0-4FE1EF147F75"}]}]}],"references":[{"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4gp9-ff99-j6vj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}