Information Exposure Affecting umbracocms.identityextensions package, versions [0,]


Severity

Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.1% (45th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DOTNET-UMBRACOCMSIDENTITYEXTENSIONS-5673803
  • published11 Jun 2023
  • disclosed11 Jun 2023
  • creditmerijng

Introduced: 11 Jun 2023

CVE-2023-32312  (opens in a new tab)
CWE-200  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

UmbracoCms.IdentityExtensions is a Code files & installation that enables easy extensibility points for ASP.Net Identity and the Umbraco back office.

Affected versions of this package are vulnerable to Information Exposure. Client secrets are not required which may expose some endpoints to untrusted actors.

CVSS Scores

version 3.1