CVE-2023-49273: 
C# vulnerability analysis and mitigation

Umbraco, an ASP.NET content management system (CMS), contains a privilege escalation vulnerability (CVE-2023-49273) that affects versions from 8.0.0 up to but not including versions 8.18.10, 10.8.1, and 12.3.4. The vulnerability allows users with low privileges (such as Editors) to access unintended endpoints (GitHub Advisory, NVD).

The vulnerability has a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability can be exploited remotely over the network, requires low attack complexity, needs low-level privileges, and doesn't require user interaction. The scope is unchanged, with low impact on both confidentiality and integrity, and no impact on availability (GitHub Advisory).

The vulnerability allows low-privileged users to access several unauthorized endpoints including: the examine dashboard, published cache dashboard, telemetry dashboard, languages section, stylesheets, and the ability to delete redirect URLs even when disabled by administrators (GitHub Advisory).

The vulnerability has been patched in Umbraco versions 8.18.10, 10.8.1, and 12.3.4. Users are advised to upgrade to these versions or later to address this security issue (GitHub Advisory).