CVE-2024-43376: Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

August 20, 2024 (updated September 17, 2024)

Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode.

References

github.com/advisories/GHSA-77gj-crhp-3gvx
github.com/umbraco/Umbraco-CMS
github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004
github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx
nvd.nist.gov/vuln/detail/CVE-2024-43376

Code Behaviors & Features

Detect and mitigate CVE-2024-43376 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →