Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions.
Impact
An unauthorized user gaining admin-level access and permissions to the backoffice.
Patches
10.6.1, 11.4.2, 12.0.1
Workarounds
- Enabling the Unattended Install feature means the vulnerability is not exploitable.
- Enabling IP restrictions to */install/* and */umbraco/* will limit the exposure to allowed IP addresses.
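The IP-restriction workaround above can be applied inside the ASP.NET Core pipeline itself rather than only at a reverse proxy. The following middleware is an added example, not Umbraco's own code: it assumes a hypothetical class name, that the operator supplies the allow list as CIDR strings, and that it is registered before Umbraco's own middleware so that requests under /install and /umbraco from non-allowed addresses are rejected before reaching the installer or backoffice.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware (added example, not part of Umbraco): only requests whose
// remote address falls inside an operator-defined CIDR allow list may reach the
// installer (/install) and backoffice (/umbraco) paths named in the advisory.
public sealed class BackofficeIpRestrictionMiddleware
{
    private static readonly string[] RestrictedPrefixes = { "/install", "/umbraco" };

    private readonly RequestDelegate _next;
    private readonly IReadOnlyList<(IPAddress Network, int PrefixLength)> _allowed;

    public BackofficeIpRestrictionMiddleware(RequestDelegate next, IEnumerable<string> allowedCidrs)
    {
        _next = next;
        _allowed = allowedCidrs.Select(ParseCidr).ToList();
    }

    public async Task InvokeAsync(HttpContext context)
    {
        PathString path = context.Request.Path;
        bool restricted = RestrictedPrefixes.Any(
            p => path.StartsWithSegments(p, StringComparison.OrdinalIgnoreCase));

        if (restricted)
        {
            IPAddress? remote = context.Connection.RemoteIpAddress;

            // Fail closed: an unknown remote address is treated as not allowed.
            if (remote is null || !_allowed.Any(a => InRange(remote, a.Network, a.PrefixLength)))
            {
                context.Response.StatusCode = StatusCodes.Status403Forbidden;
                return;
            }
        }

        await _next(context);
    }

    // Parses "10.0.0.0/8" or "203.0.113.5" (a bare address means a single host).
    private static (IPAddress Network, int PrefixLength) ParseCidr(string cidr)
    {
        string[] parts = cidr.Split('/');
        IPAddress network = IPAddress.Parse(parts[0].Trim());
        int prefix = parts.Length > 1
            ? int.Parse(parts[1])
            : (network.AddressFamily == AddressFamily.InterNetwork ? 32 : 128);
        return (network, prefix);
    }

    // Bitwise prefix comparison; IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are
    // normalised to IPv4 so an IPv4 allow list still matches on dual-stack hosts.
    private static bool InRange(IPAddress address, IPAddress network, int prefixLength)
    {
        if (address.IsIPv4MappedToIPv6)
        {
            address = address.MapToIPv4();
        }
        if (address.AddressFamily != network.AddressFamily)
        {
            return false;
        }

        byte[] a = address.GetAddressBytes();
        byte[] n = network.GetAddressBytes();
        int fullBytes = prefixLength / 8;
        int remainingBits = prefixLength % 8;

        for (int i = 0; i < fullBytes; i++)
        {
            if (a[i] != n[i]) return false;
        }
        if (remainingBits == 0)
        {
            return true;
        }

        int mask = (0xFF << (8 - remainingBits)) & 0xFF;
        return (a[fullBytes] & mask) == (n[fullBytes] & mask);
    }
}

// Registration in Program.cs (assumed placement: before Umbraco's own pipeline).
// The allow list values below are constructed placeholders; replace with the
// networks your administrators actually use.
//
//   app.UseMiddleware<BackofficeIpRestrictionMiddleware>(
//       new[] { "10.0.0.0/8", "203.0.113.5" });
```

If Umbraco sits behind a load balancer or reverse proxy, `RemoteIpAddress` will be the proxy's address unless `UseForwardedHeaders` is configured (and its `KnownProxies`/`KnownNetworks` restricted to the real proxies) ahead of this middleware; otherwise the allow list either blocks everyone or, worse, trusts a client-supplied header. This in-process check complements, and does not replace, the Unattended Install setting in the first workaround, which removes the interactive installer path altogether.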
Explanation of the vulnerability
We consider this issue a high-severity vulnerability because attackers may be able to temporarily make the configured database unavailable to Umbraco.
Database unavailability is not a vulnerability in itself, but if Umbraco is restarted while the database is unavailable, it will boot into installation mode.
When this happens, and the attacker can successfully re-establish the connection between Umbraco and the database, it will be possible to reset the admin credentials and then log in as an administrator.