CVE-2022-25776

Published: Sep 18, 2024Modified: Sep 24, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

Affected (2)

Products: Acquia: Mautic

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Acquia Mautic	From 1.0.2 to 4.4.12
Acquia Mautic	From 5.0.0 to 5.0.4

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8

Source: security@mautic.org

Third Party Advisory

Timeline

No history available yet.