FLAT-NDD8J – Vulnerability

Server-side request forgery (SSRF) In umbracocms

Description

Umbraco CMS contains a server-side request forgery vulnerability Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
nuget	umbracocms	=8.14.1

Aliases

1. CVE-2021-477762. NVD-2021-477763. OSV-2021-47776

References

1. https://our.umbraco.com2. https://releases.umbraco.com/all-releases3. https://www.exploit-db.com/exploits/50462

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.