Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts discovered a privilege escalation issue in popular Umbraco CMS

Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to “admin.” Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS, Umbraco. The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to […]

umbraco

Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to “admin.”

Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS, Umbraco.

The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to the application’s logging section.

“Umbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in the core administrative screens which allows a low privileged user to access various resources otherwise limited to higher privileged users.” reads the post published by Trustwave. “The issue exists in an API endpoint that does not properly check the user’s authorization prior to returning results found in the application’s logging section.”

umbraco

Users with higher privileges (i.e. Administrator) has the ability to view log data in the administrative UI.

The log data include information inserted into the application logs per configuration or generated by custom exception handling routines. 

Experts demonstrated the existence of the flaw using an Administrator user to create a lower privileged user and placed it in the Writers group, which has limited access to the application. 

The new user can only view the content tab indicating the intent of limiting what Writers can do or see within the application.

Upon authentication to the application, the low-privileged user is given the requisite cookies and headers in order to access it.

The low privileged user then authenticates to the application, and is provided with the necessary cookies and headers to access it.

“Using these identifiers, the low privileged user can access the API endpoint which returns the log data only available to the Administrator via the UI” continues the analysis published by Trustwave. “It was observed in the Umbraco.Web.dll that the LogViewerController class uses no granular authorization attributes on its exposed endpoints.”

Trustwave researchers discovered that the Umbraco.Web.dll library used by the LogViewerController class doesn’t properly implement the authorization process on its exposed endpoints, this means that endpoints are accessible for lower privileged users.

“Conversely, there are other areas which do protect resources such as the UsersController wherein some methods are explicitly limited to Administrative users (“[AdminUsersAuthorize]” attribute) or must otherwise give permission to the controller (“[UmbracoApplicationAuthorize]”).” concludes the analysis. “A similar approach should be used for the LogViewerController to limit unauthorized access to its data.”

The privilege escalation issue affects Umbraco versions 8.9.0 and 8.6.3, while version 7.x is not affected by this vulnerability.

The development team behind the CMS quickly addressed the flaw with the release of Umbraco CMS 8.10.0.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, privilege escalation)

[adrotate banner=”5″]

[adrotate banner=”13″]