MEDIUM 4.3
GHSA-4vp3-vfww-8648
Incorrect permission enforcement in UmbracoCms
Details
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / UmbracoCms
Introduced in:
0 Fixed in: 8.10.0 Fix
dotnet add package UmbracoCms --version 8.10.0