CVE-2024-48926

LOW | CVSS 3.1/10 | EPSS 0.24%

CVE-2024-48926 is a low-severity vulnerability rated 3.1/10 on the CVSS scale. Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue.

Metrics

CVSS 3.1
3.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Probability
0.24%

15.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Umbraco | Umbraco Cms | >= 8.0, < 8.18.15
Umbraco | Umbraco Cms | >= 10.0, < 10.8.7
Umbraco | Umbraco Cms | >= 13.0, < 13.5.2

References

Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-48926?
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue.
How severe is CVE-2024-48926?
CVE-2024-48926 has a CVSS score of 3.1/10 (LOW severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2024-48926?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST