CVE-2024-48926: Umbraco CMS logout page displayed before session expiration

October 22, 2024

The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are.

References

github.com/advisories/GHSA-fp6q-gccw-7qqm
github.com/umbraco/Umbraco-CMS
github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-fp6q-gccw-7qqm
nvd.nist.gov/vuln/detail/CVE-2024-48926

Code Behaviors & Features

Detect and mitigate CVE-2024-48926 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →