6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-34071

GHSA ID

GHSA-j74q-mv2c-rxmp

EPSS Score

0.58963%

CWE

CWE-601

Published

5/21/2024

Updated

5/21/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-34071

CVE-2024-34071:
Umbraco CMS Open Redirect Bypass Protection

Impact

Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.

Affected Version

>= 8.18.5, >= 10.5.0, >= 12.0.0, >= 13.0.0

Patches

8.18.14, 10.8.6, 12.3.10, 13.3.1

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-34071

GHSA ID

GHSA-j74q-mv2c-rxmp

EPSS Score

0.58963%

CWE

CWE-601

Published

5/21/2024

Updated

5/21/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
UmbracoCms.Core	nuget	>= 8.18.5, < 8.18.14	8.18.14
UmbracoCms.Core	nuget	>= 10.5.0, < 10.8.6	10.8.6
UmbracoCms.Core	nuget	>= 12.0.0, < 12.3.10	12.3.10
UmbracoCms.Core	nuget	>= 13.0.0, < 13.3.1	13.3.1
Umbraco.Cms.Web.BackOffice	nuget	>= 8.18.5, < 8.18.14	8.18.14
Umbraco.Cms.Web.BackOffice	nuget	>= 10.5.0, < 10.8.6	10.8.6
Umbraco.Cms.Web.BackOffice	nuget	>= 12.0.0, < 12.3.10	12.3.10
Umbraco.Cms.Web.BackOffice	nuget	>= 13.0.0, < 13.3.1	13.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper validation of redirect URLs. The original implementations used Uri.IsWellFormedUriString, which considers protocol-relative URLs (e.g., '//evil.com') as valid relative URIs. Attackers could exploit this to create open redirects. The patches introduced WebPath.IsWellFormedWebPath, which explicitly rejects protocol-relative URLs when validating relative paths. The affected functions were in ImagesController (IsAllowed) and PreviewController (End), where the flawed validation occurred.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Um*r**o **v* *n *n*point t**t is vuln*r**l* to op*n r**ir**ts. T** *n*point is prot**t** so it r*quir*s t** us*r to ** si*n** into ***ko**i**, ***or* t** vuln*r**ility is *xpos**. ### *****t** V*rsion \>= *.**.*, >= **.*.*, >= **.*.*, >=

Reasoning

T** vuln*r**ility st*mm** *rom improp*r v*li**tion o* r**ir**t URLs. T** ori*in*l impl*m*nt*tions us** `Uri.IsW*ll*orm**UriStrin*`, w*i** *onsi**rs proto*ol-r*l*tiv* URLs (*.*., '//*vil.*om') *s v*li* r*l*tiv* URIs. *tt**k*rs *oul* *xploit t*is to *r

6.1

Basic Information

Concerned about an active attack path?

CVE-2024-34071: Umbraco CMS Open Redirect Bypass Protection

Impact

Affected Version

Patches

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-34071:
Umbraco CMS Open Redirect Bypass Protection

Vulnerability Intelligence
Miggo AI