Privilege Escalation Vulnerability In Umbraco


A researcher identified a privilege escalation vulnerability in Umbraco CMS that allows attackers to access resources normally available only to higher-privileged users.

Umbraco CMS: CVE-2020-29454

Description:

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.

A security researcher from Trustwave reported a privilege escalation vulnerability in Umbraco CMS.

The issue lies in the core administrative screens, which allow a low-privileged user to access various resources otherwise limited to higher-privileged users, according to the Trustwave SpiderLabs Security Advisory.

The issue exists in an API endpoint which does not properly check the user’s authorization prior to returning results found in the application’s logging section.

The affected endpoint paths include the following:

  • /umbraco/backoffice/UmbracoApi/LogViewer/GetSavedSearches
  • /umbraco/backoffice/UmbracoApi/LogViewer/GetLogLevel
  • /umbraco/backoffice/UmbracoApi/LogViewer/GetLogs
  • /umbraco/backoffice/UmbracoApi/LogViewer/GetNumberOfErrors
  • /umbraco/backoffice/UmbracoApi/LogViewer/GetMessageTemplates
  • /umbraco/backoffice/UmbracoApi/LogViewer/GetLogLevelCounts
  • /umbraco/backoffice/UmbracoApi/Language/GetAllLanguages

This log data contains whatever may have been inserted into the application logs per configuration (here, Information level) or custom exception handling routines.

Note that the severity of the information leak depends on what is logged by default and on whatever additional logging the application maintainer has added.

For example, custom logging of a failed authentication routine could potentially leak usernames and passwords to the log.
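As an added example (not from the advisory or from Umbraco's code), the following Python check runs over constructed access-log lines and flags successful requests to the affected endpoints by backoffice users who lack the Settings section, the accesses a patched 8.10.0 instance would refuse. The simplified W3C log layout and the user-to-section mapping are assumptions.

```python
import re

# Endpoint paths listed in the advisory for CVE-2020-29454. They are compared
# case-insensitively because IIS serves these paths regardless of case.
AFFECTED_PATHS = {p.casefold() for p in (
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetSavedSearches",
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetLogLevel",
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetLogs",
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetNumberOfErrors",
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetMessageTemplates",
    "/umbraco/backoffice/UmbracoApi/LogViewer/GetLogLevelCounts",
    "/umbraco/backoffice/UmbracoApi/Language/GetAllLanguages",
)}

# Hypothetical export of backoffice users and the sections granted to them.
USER_SECTIONS = {
    "admin": {"content", "media", "settings", "users"},
    "editor": {"content", "media"},
}

# Constructed sample log in a simplified W3C layout:
# date time method uri-stem status username
SAMPLE_LOG = """\
2021-04-01 10:00:01 GET /umbraco/backoffice/UmbracoApi/LogViewer/GetLogs?skip=0&take=100 200 editor
2021-04-01 10:00:02 GET /umbraco/backoffice/UmbracoApi/Content/GetById 200 editor
2021-04-01 10:00:03 GET /umbraco/backoffice/umbracoapi/logviewer/GetLogLevel 200 admin
2021-04-01 10:00:04 GET /umbraco/backoffice/UmbracoApi/Language/GetAllLanguages 200 editor
2021-04-01 10:00:05 GET /umbraco/backoffice/UmbracoApi/LogViewer/GetSavedSearches 401 editor
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\d{3}) (\S+)$")


def find_unauthorized_hits(log_text, user_sections):
    """Return (timestamp, user, uri) for each successful (2xx) request to an
    affected endpoint by a user whose sections do not include Settings."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip header, blank or malformed lines
        ts, _method, uri, status, user = m.groups()
        path = uri.split("?", 1)[0].casefold()  # drop the query string
        if path not in AFFECTED_PATHS or not status.startswith("2"):
            continue
        if "settings" in user_sections.get(user, set()):
            continue  # this user is entitled to the Settings section
        hits.append((ts, user, uri))
    return hits
```

Each flagged entry is a request that succeeded only because the authorization check was missing, which makes the list a useful starting point for reviewing what log content a low-privileged account could have read before the upgrade.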

Version affected: Umbraco CMS Prior to 8.10.0

Remediation Steps

Upgrade to Umbraco CMS 8.10.0 or the latest stable version.

References

Trustwave also noted that it has not verified the fixes.

https://umbraco.com/about-us/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/list-of-security-contributors/


April 3rd, 2021 | Security Update, Targeted Attacks
