Incomplete Server Termination During Explicit Sign-Out

Moderate

bergmania published GHSA-wxw9-6pv9-c3xc

Oct 22, 2024

Package

Umbraco.CMS (NuGet)

Affected versions

13.0.0 - 13.5.1

10.0.0 - 10.8.6

Patched versions

13.5.2

10.8.7

Description

Impact

During an explicit sign-out, the server session is not fully terminated.

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N