CVE-2024-29035: 
C# vulnerability analysis and mitigation

CVE-2024-29035 affects Umbraco, an ASP.NET CMS, where failing webhooks logs are accessible when the solution is not in debug mode. The vulnerability was discovered and disclosed in April 2024, affecting versions 13.0.0 through 13.1.1. This security issue has been fixed in version 13.1.1 (Vendor Advisory).

The vulnerability allows access to failing webhooks logs when the application is not in debug mode. These logs can contain critical information that should not be exposed. The issue has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) by NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, while GitHub assessed it as 4.1 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N. The vulnerability is classified as CWE-918 (Server-Side Request Forgery) (NVD).

The vulnerability exposes critical information through webhook logs that should not be accessible when the application is not in debug mode. This could potentially lead to unauthorized access to sensitive information contained within these logs (Vendor Advisory).

The vulnerability has been patched in Umbraco version 13.1.1. As a workaround, users can disable the webhooks functionality if unable to update immediately (Vendor Advisory, Patch).