Search criteria
40 vulnerabilities by acquia
CVE-2025-9954 (GCVE-0-2025-9954)
Vulnerability from cvelistv5 – Published: 2025-10-29 23:12 – Updated: 2025-10-30 14:45
VLAI?
Summary
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | Acquia DAM |
Affected:
0.0.0 , < 1.1.5
(semver)
|
Credits
Brandon Goodwin (bgoodie)
Chris Burge (chris burge)
Todd Woofenden (toddwoof)
Chris Burge (chris burge)
Damien McKenna (damienmckenna)
Jakob P (japerry)
Todd Woofenden (toddwoof)
cilefen (cilefen)
Greg Knaddison (greggles)
Cathy Theys (yesct)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:44:50.718831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:45:16.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/acquia_dam",
"defaultStatus": "unaffected",
"product": "Acquia DAM",
"repo": "https://git.drupalcode.org/project/acquia_dam",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.1.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brandon Goodwin (bgoodie)"
},
{
"lang": "en",
"type": "finder",
"value": "Chris Burge (chris burge)"
},
{
"lang": "en",
"type": "finder",
"value": "Todd Woofenden (toddwoof)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Chris Burge (chris burge)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Damien McKenna (damienmckenna)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jakob P (japerry)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Todd Woofenden (toddwoof)"
},
{
"lang": "en",
"type": "coordinator",
"value": "cilefen (cilefen)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Cathy Theys (yesct)"
}
],
"datePublic": "2025-09-03T16:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.\u003cp\u003eThis issue affects Acquia DAM: from 0.0.0 before 1.1.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5."
}
],
"impacts": [
{
"capecId": "CAPEC-87",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-87 Forceful Browsing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T23:12:41.751Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-105"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-9954",
"datePublished": "2025-10-29T23:12:41.751Z",
"dateReserved": "2025-09-03T14:46:35.965Z",
"dateUpdated": "2025-10-30T14:45:16.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47055 (GCVE-0-2024-47055)
Vulnerability from cvelistv5 – Published: 2025-05-28 17:34 – Updated: 2025-05-29 19:02
VLAI?
Summary
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.
Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.
MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
Credits
Abhisek Mazumdar
Abhisek Mazumdar
Patryk Gruszka
Abhisek Mazumdar
Nick Vanpraet
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T19:02:39.346633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T19:02:53.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 5.2.6, \u003c 6.0.2",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhisek Mazumdar"
},
{
"lang": "en",
"type": "reporter",
"value": "Abhisek Mazumdar"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Abhisek Mazumdar"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nick Vanpraet"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\u003c/p\u003e\u003cp\u003eInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the \u003ccode\u003ecloneAction\u003c/code\u003e\u0026nbsp;of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003eUpdate Mautic to a version that implements proper authorization checks for the \u003ccode\u003ecloneAction\u003c/code\u003e\u0026nbsp;within the \u003ccode\u003eListController.php\u003c/code\u003e. Ensure that users attempting to clone segments possess the appropriate creation permissions.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\n\nInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction\u00a0of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.\n\nMitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction\u00a0within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:34:32.181Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782"
}
],
"source": {
"advisory": "GHSA-vph5-ghq3-q782",
"discovery": "UNKNOWN"
},
"title": "Segment cloning doesn\u0027t have a proper permission check",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47055",
"datePublished": "2025-05-28T17:34:32.181Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2025-05-29T19:02:53.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47051 (GCVE-0-2024-47051)
Vulnerability from cvelistv5 – Published: 2025-02-26 12:01 – Updated: 2025-02-26 14:29
VLAI?
Summary
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
* Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.
* Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
Severity ?
9.1 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mautic | mautic/core |
Affected:
< 5.2.3
|
Credits
mallo-m
Patryk Gruzska
Lenon Leite
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:29:14.685636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:29:46.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "mautic/core",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mallo-m"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruzska"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
}
],
"datePublic": "2025-02-25T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003eRemote Code Execution (RCE) via Asset Upload:\u003c/strong\u003e\u0026nbsp;A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cstrong\u003ePath Traversal File Deletion:\u003c/strong\u003e\u0026nbsp;A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n * Remote Code Execution (RCE) via Asset Upload:\u00a0A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n * Path Traversal File Deletion:\u00a0A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T12:01:26.374Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2"
},
{
"url": "https://owasp.org/www-community/attacks/Code_Injection"
},
{
"url": "https://owasp.org/www-community/attacks/Path_Traversal"
}
],
"source": {
"advisory": "GHSA-73gx-x7r9-77x2",
"discovery": "USER"
},
"title": "Remote Code Execution \u0026 File Deletion in Asset Uploads",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47051",
"datePublished": "2025-02-26T12:01:26.374Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2025-02-26T14:29:46.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47053 (GCVE-0-2024-47053)
Vulnerability from cvelistv5 – Published: 2025-02-26 11:54 – Updated: 2025-03-12 19:51
VLAI?
Summary
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.
* Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mautic | mautic/core |
Affected:
>= 1.0.1 , < < 5.2.3
(semver)
|
Credits
Putzwasser
Lenon Leite
Patryk Gruszka
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:43:36.534365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:51:32.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "mautic/core",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 5.2.3",
"status": "affected",
"version": "\u003e= 1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Putzwasser"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2025-02-25T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis advisory addresses an authorization vulnerability in Mautic\u0027s HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eImproper Authorization:\u003c/strong\u003e\u0026nbsp;An authorization flaw exists in Mautic\u0027s API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions \u0026gt; View Own\" and \"Reporting Permissions \u0026gt; View Others\" permissions, which should restrict access to non-System Reports.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This advisory addresses an authorization vulnerability in Mautic\u0027s HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n * Improper Authorization:\u00a0An authorization flaw exists in Mautic\u0027s API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions \u003e View Own\" and \"Reporting Permissions \u003e View Others\" permissions, which should restrict access to non-System Reports."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T11:55:28.089Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc"
},
{
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings"
}
],
"source": {
"advisory": "GHSA-8xv7-g2q3-fqgc",
"discovery": "USER"
},
"title": "Improper Authorization in Reporting API",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable the API in Mautic. See \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Disable the API in Mautic. See documentation https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47053",
"datePublished": "2025-02-26T11:54:17.219Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2025-03-12T19:51:32.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25773 (GCVE-0-2022-25773)
Vulnerability from cvelistv5 – Published: 2025-02-26 11:48 – Updated: 2025-03-12 19:51
VLAI?
Summary
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
* Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mautic | mautic/core |
Affected:
< 5.2.3
(semver)
|
Credits
Patryk Gruzska
Majkelstick
John Linhart
Lenon Leite
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:54:09.781777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:51:58.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "mautic/core",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Patryk Gruzska"
},
{
"lang": "en",
"type": "finder",
"value": "Majkelstick"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lenon Leite"
}
],
"datePublic": "2025-02-25T11:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory:\u003c/strong\u003e\u0026nbsp;A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n * Improper Limitation of a Pathname to a Restricted Directory:\u00a0A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T11:56:45.572Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf"
}
],
"source": {
"advisory": "GHSA-4w2w-36vm-c8hf",
"discovery": "INTERNAL"
},
"title": "Relative Path Traversal in assets file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25773",
"datePublished": "2025-02-26T11:48:33.383Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2025-03-12T19:51:58.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13261 (GCVE-0-2024-13261)
Vulnerability from cvelistv5 – Published: 2025-01-09 19:14 – Updated: 2025-01-10 21:26
VLAI?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Drupal | Acquia DAM |
Affected:
0.0.0 , < 1.0.13
(semver)
Affected: 1.1.0 , < 1.1.0-beta3 (semver) |
Credits
Matt Glaman
Matt Glaman
Greg Knaddison
Balázs Ertl-Bakos
Jakob Perry
Greg Knaddison
xjm
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T21:25:45.581312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:26:25.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/acquia_dam",
"defaultStatus": "unaffected",
"product": "Acquia DAM",
"repo": "https://git.drupalcode.org/project/acquia_dam",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.0.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.0-beta3",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matt Glaman"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matt Glaman"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bal\u00e1zs Ertl-Bakos"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jakob Perry"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison"
},
{
"lang": "en",
"type": "coordinator",
"value": "xjm"
}
],
"datePublic": "2024-06-05T16:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:14:19.954Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2024-13261",
"datePublished": "2025-01-09T19:14:19.954Z",
"dateReserved": "2025-01-09T18:27:56.519Z",
"dateUpdated": "2025-01-10T21:26:25.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25770 (GCVE-0-2022-25770)
Vulnerability from cvelistv5 – Published: 2024-09-18 21:26 – Updated: 2024-09-19 14:47
VLAI?
Summary
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Severity ?
7.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
Credits
Mattias Michaux
Zdeno Kuzmany
Mattias Michaux
John Linhart
Patryk Gruszka
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:47:02.190322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:47:14.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core-lib",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0-beta3",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1.",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
}
],
"datePublic": "2024-09-18T20:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mautic allows you to update the application via an upgrade script.\u003cbr\u003e\u003cbr\u003eThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\u003cbr\u003e\u003cbr\u003eThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.\u003cbr\u003e"
}
],
"value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:26:34.059Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Upgrade to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-qf6m-6m4g-rmrc",
"discovery": "INTERNAL"
},
"title": "Insufficient authentication in upgrade flow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25770",
"datePublished": "2024-09-18T21:26:34.059Z",
"dateReserved": "2022-02-22T20:17:36.804Z",
"dateUpdated": "2024-09-19T14:47:14.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47059 (GCVE-0-2024-47059)
Vulnerability from cvelistv5 – Published: 2024-09-18 21:19 – Updated: 2024-09-25 20:46
VLAI?
Summary
When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.
However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification.
This difference could be used to perform username enumeration.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Credits
Patryk Gruszka
John Linhart
Tomasz Kowalczyk
Rafał Kamiński
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T20:45:37.083409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T20:46:12.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Tomasz Kowalczyk"
},
{
"lang": "en",
"type": "finder",
"value": "Rafa\u0142 Kami\u0144ski"
}
],
"datePublic": "2024-09-18T20:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\u003cbr\u003e\u003cbr\u003eHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\u003cbr\u003e\u003cbr\u003eThis difference could be used to perform username enumeration."
}
],
"value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\n\nHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\n\nThis difference could be used to perform username enumeration."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:29:53.542Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.1.1 or later."
}
],
"value": "Update to 5.1.1 or later."
}
],
"source": {
"advisory": "GHSA-8vff-35qm-qjvv",
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-06T13:09:00.000Z",
"value": "Issue reported"
},
{
"lang": "en",
"time": "2024-08-06T13:10:00.000Z",
"value": "Fix proposed"
},
{
"lang": "en",
"time": "2023-09-17T12:23:00.000Z",
"value": "QA passed"
}
],
"title": "Users enumeration - weak password login",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47059",
"datePublished": "2024-09-18T21:19:26.951Z",
"dateReserved": "2024-09-17T13:41:00.585Z",
"dateUpdated": "2024-09-25T20:46:12.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27917 (GCVE-0-2021-27917)
Vulnerability from cvelistv5 – Published: 2024-09-18 21:09 – Updated: 2024-09-19 15:40
VLAI?
Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Severity ?
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
Credits
Patryk Gruszka
Lenon Leite
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:40:34.799089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:40:48.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0-beta4",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-09-18T20:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.\u003cbr\u003e"
}
],
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:09:09.987Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or later."
}
],
"value": "Update to 4.4.13 or 5.1.1 or later."
}
],
"source": {
"advisory": "GHSA-xpc5-rr39-v8v2",
"discovery": "USER"
},
"title": "XSS in contact tracking and page hits report",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27917",
"datePublished": "2024-09-18T21:09:09.987Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-19T15:40:48.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47050 (GCVE-0-2024-47050)
Vulnerability from cvelistv5 – Published: 2024-09-18 21:04 – Updated: 2024-09-19 15:41
VLAI?
Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
Credits
Mqrtin
Patryk Gruszka
Lenon Leite
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:41:10.814610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:41:19.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 2.6.0",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mqrtin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable.\u003cbr\u003e"
}
],
"value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:04:46.642Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-73gr-32wg-qhh7",
"discovery": "EXTERNAL"
},
"title": "XSS in contact/company tracking (no authentication)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47050",
"datePublished": "2024-09-18T21:04:46.642Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2024-09-19T15:41:19.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47058 (GCVE-0-2024-47058)
Vulnerability from cvelistv5 – Published: 2024-09-18 21:00 – Updated: 2024-09-19 15:42
VLAI?
Summary
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
Credits
MatisAct
Lenon Leite
John Linhart
Avikarsha Saha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:42:03.651742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:42:11.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MatisAct"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
}
],
"datePublic": "2024-09-18T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session.\u003cbr\u003e"
}
],
"value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:00:28.950Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1."
}
],
"value": "Update to 4.4.13 or 5.1.1."
}
],
"source": {
"advisory": "GHSA-xv68-rrmw-9xwf",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) - stored (edit form HTML field)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47058",
"datePublished": "2024-09-18T21:00:28.950Z",
"dateReserved": "2024-09-17T13:41:00.585Z",
"dateUpdated": "2024-09-19T15:42:11.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25768 (GCVE-0-2022-25768)
Vulnerability from cvelistv5 – Published: 2024-09-18 20:55 – Updated: 2024-09-19 15:42
VLAI?
Summary
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
Credits
Mattias Michaux
Patryk Gruszka
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:42:37.075391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:42:44.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.1.3",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-09-18T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.\u003c/p\u003e"
}
],
"value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T20:55:53.187Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-x3jx-5w6m-q2fc",
"discovery": "USER"
},
"title": "Improper Access Control in UI upgrade process",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25768",
"datePublished": "2024-09-18T20:55:53.187Z",
"dateReserved": "2022-02-22T20:17:36.803Z",
"dateUpdated": "2024-09-19T15:42:44.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25777 (GCVE-0-2022-25777)
Vulnerability from cvelistv5 – Published: 2024-09-18 15:13 – Updated: 2024-09-18 21:32
VLAI?
Summary
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Credits
a-solovev
Lenon Leite
John Linhart
Avikarsha Shah
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:16:39.934782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:17:51.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 1.0.0-beta4",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "a-solovev"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Shah"
}
],
"datePublic": "2024-04-12T09:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:32:05.348Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please update to 4.4.12 or 5.0.4 or later."
}
],
"value": "Please update to 4.4.12 or 5.0.4 or later."
}
],
"source": {
"advisory": "GHSA-mgv8-w49f-822w",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery in Asset section",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25777",
"datePublished": "2024-09-18T15:13:52.308Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:32:05.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25776 (GCVE-0-2022-25776)
Vulnerability from cvelistv5 – Published: 2024-09-18 15:06 – Updated: 2024-09-18 21:31
VLAI?
Summary
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
Severity ?
8.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Credits
infosec-it-init
Lenon Leite
Avikarsha Saha
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:58:56.678996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:59:05.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 1.0.2",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "infosec-it-init"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T17:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\u003c/p\u003e\u003cp\u003eUsers could potentially access sensitive data such as names and surnames, company names and stage names.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:31:01.738Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or 5.0.4 or later."
}
],
"value": "Update to 4.4.12 or 5.0.4 or later."
}
],
"source": {
"advisory": "GHSA-qjx3-2g35-6hv8",
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure due to inadequate user permission settings",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25776",
"datePublished": "2024-09-18T15:06:54.543Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:31:01.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25775 (GCVE-0-2022-25775)
Vulnerability from cvelistv5 – Published: 2024-09-18 15:01 – Updated: 2024-09-18 21:30
VLAI?
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
Severity ?
6.6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Credits
a-solovev
Lenon Leite
John Linhart
John Linhart
Akivarsha Saha
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "4.4.12",
"status": "affected",
"version": "2.14.1",
"versionType": "semver"
},
{
"lessThan": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:46:22.968034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:47:36.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 2.14.1",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "a-solovev"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation developer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Akivarsha Saha"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\u003c/p\u003e\u003cp\u003eThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:30:23.104Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or 5.0.4 or higher."
}
],
"value": "Update to 4.4.12 or 5.0.4 or higher."
}
],
"source": {
"advisory": "GHSA-jj6w-2cqg-7p94",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in dynamic Reports",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25775",
"datePublished": "2024-09-18T15:01:23.529Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:30:23.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25774 (GCVE-0-2022-25774)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:54 – Updated: 2024-09-18 21:29
VLAI?
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Vautia
Lenon Leite
Zdeno Kuzmany
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:55:13.111344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:55:21.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 4.4.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Vautia"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T13:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\u003c/p\u003e\u003cp\u003eUsers could inject malicious code into the notification when saving Dashboards.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:29:02.453Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or later."
}
],
"value": "Update to 4.4.12 or later."
}
],
"source": {
"advisory": "GHSA-fhcx-f7jg-jx3fv",
"discovery": "EXTERNAL"
},
"title": "XSS in Notifications via saving Dashboards",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25774",
"datePublished": "2024-09-18T14:54:36.249Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:29:02.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25769 (GCVE-0-2022-25769)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:47 – Updated: 2024-09-18 21:28
VLAI?
Summary
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.
This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
Severity ?
7.2 (High)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Credits
Mattias Michaux
Mattias Michaux
John Linhart
Zdeno Kuzmany
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "3.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:10:59.918348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:12:16.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.5",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003c 4.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
}
],
"datePublic": "2022-03-02T14:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch2\u003eImpact\u003c/h2\u003eThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\u003cbr\u003e\u003cbr\u003eThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
}
],
"value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:28:12.305Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
},
{
"url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 3.3.5 or 4.2.0. \u003cbr\u003e\u003cbr\u003eIf you\u0027re using Mautic in a sub-folder with Apache \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(e.g. example.com/mautic)\u003c/span\u003e, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eplease review the guidance in \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986\"\u003ethis GitHub issue\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;before updating, as you will probably need to make some changes to the .htaccess file after you update.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to 3.3.5 or 4.2.0. \n\nIf you\u0027re using Mautic in a sub-folder with Apache (e.g. example.com/mautic), please review the guidance in this GitHub issue https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986 \u00a0before updating, as you will probably need to make some changes to the .htaccess file after you update."
}
],
"source": {
"advisory": "GHSA-mj6m-246h-9w56",
"discovery": "UNKNOWN"
},
"title": "Improper regex in htaccess file",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25769",
"datePublished": "2024-09-18T14:47:09.029Z",
"dateReserved": "2022-02-22T20:17:36.804Z",
"dateUpdated": "2024-09-18T21:28:12.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27916 (GCVE-0-2021-27916)
Vulnerability from cvelistv5 – Published: 2024-09-17 14:20 – Updated: 2024-09-18 21:29
VLAI?
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
Severity ?
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Credits
Mattias Michaux
Lenon Leite
Adrian Schimpf
Avikarsha Saha
John Linhart
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:57:12.983272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:57:32.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "\u003c= 4.4.11",
"status": "affected",
"version": "\u003e= 3.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c= 5.0.3",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Adrian Schimpf"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T17:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\u003cbr\u003e\u003cbr\u003eThis vulnerability exists in the implementation of the GrapesJS builder in Mautic.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:29:42.899Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"source": {
"advisory": "GHSA-9fcx-cv56-w58p",
"discovery": "USER"
},
"title": "Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27916",
"datePublished": "2024-09-17T14:20:03.550Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-18T21:29:42.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27915 (GCVE-0-2021-27915)
Vulnerability from cvelistv5 – Published: 2024-09-17 14:02 – Updated: 2024-09-17 16:01
VLAI?
Summary
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
Severity ?
7.6 (High)
CWE
Assigner
References
Impacted products
Credits
Lenon Leite
Lenon Leite
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThanOrEqual": "4.4.11",
"status": "affected",
"version": "1.0.0-beta2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:59:08.355119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:01:29.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core-lib",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "\u003c= 4.4.11",
"status": "affected",
"version": "\u003e= 1.0.0-beta2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "finder",
"value": "Lenon Leite"
}
],
"datePublic": "2024-04-11T09:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis could lead to the user having elevated access to the system.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:02:09.969Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or later."
}
],
"value": "Update to 4.4.12 or later."
}
],
"source": {
"advisory": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2",
"discovery": "INTERNAL"
},
"title": "XSS Cross-site Scripting Stored (XSS) - Description field",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27915",
"datePublished": "2024-09-17T14:02:09.969Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-17T16:01:29.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25772 (GCVE-0-2022-25772)
Vulnerability from cvelistv5 – Published: 2022-06-20 00:00 – Updated: 2024-08-03 04:49
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
Severity ?
9.6 (Critical)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Credits
Reported by Mattias Michaux, Dropsolid
Fixed by Mattias Michaux, Dropsolid
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "en",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:00:00",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25772",
"datePublished": "2022-06-20T00:00:00",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:44.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27914 (GCVE-0-2021-27914)
Vulnerability from cvelistv5 – Published: 2022-06-01 15:20 – Updated: 2024-08-03 21:33
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript
Severity ?
7.6 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Reported by Mattias Michaux, Dropsolid
Fixed by Mattias Michaux, Dropsolid
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "en",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T15:20:10",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"ID": "CVE-2021-27914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "eng",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27914",
"datePublished": "2022-06-01T15:20:10",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27909 (GCVE-0-2021-27909)
Vulnerability from cvelistv5 – Published: 2021-08-30 16:00 – Updated: 2024-09-16 20:52
VLAI?
Summary
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:00:10",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
],
"source": {
"defect": [
"MST-16"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on password reset page",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27909",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on password reset page"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
]
},
"source": {
"defect": [
"MST-16"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27909",
"datePublished": "2021-08-30T16:00:10.951539Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T20:52:58.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27913 (GCVE-0-2021-27913)
Vulnerability from cvelistv5 – Published: 2021-08-30 15:55 – Updated: 2024-09-16 18:08
VLAI?
Summary
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:21",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
],
"source": {
"defect": [
"MST-18"
],
"discovery": "EXTERNAL"
},
"title": "Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27913",
"STATE": "PUBLIC",
"TITLE": "Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
]
},
"source": {
"defect": [
"MST-18"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27913",
"datePublished": "2021-08-30T15:55:21.646676Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T18:08:08.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27912 (GCVE-0-2021-27912)
Vulnerability from cvelistv5 – Published: 2021-08-30 15:55 – Updated: 2024-09-16 16:17
VLAI?
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:17",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
],
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on asset view",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27912",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on asset view"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
]
},
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27912",
"datePublished": "2021-08-30T15:55:17.220890Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T16:17:39.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27911 (GCVE-0-2021-27911)
Vulnerability from cvelistv5 – Published: 2021-08-30 15:55 – Updated: 2024-09-16 22:30
VLAI?
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
Severity ?
8.3 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:12",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
],
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on contacts view",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27911",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on contacts view"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
]
},
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27911",
"datePublished": "2021-08-30T15:55:12.869897Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T22:30:01.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27910 (GCVE-0-2021-27910)
Vulnerability from cvelistv5 – Published: 2021-08-30 15:55 – Updated: 2024-09-17 01:25
VLAI?
Summary
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the "error" and "error_related_to" parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.
Severity ?
8.2 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Fixed by Zdeno Kuzmany, Webmecanik
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fixed by Zdeno Kuzmany, Webmecanik"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:08",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
],
"source": {
"defect": [
"MST-17"
],
"discovery": "UNKNOWN"
},
"title": "Stored XSS vulnerability on Bounce Management Callback",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27910",
"STATE": "PUBLIC",
"TITLE": "Stored XSS vulnerability on Bounce Management Callback"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fixed by Zdeno Kuzmany, Webmecanik"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
]
},
"source": {
"defect": [
"MST-17"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27910",
"datePublished": "2021-08-30T15:55:08.436773Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-17T01:25:50.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27908 (GCVE-0-2021-27908)
Vulnerability from cvelistv5 – Published: 2021-03-23 19:11 – Updated: 2024-09-16 16:23
VLAI?
Summary
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
Severity ?
5.8 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Discovered by Petr Gregor, Acquia
Fixed by Miroslav Fedeles, Acquia
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Petr Gregor, Acquia"
},
{
"lang": "en",
"value": "Fixed by Miroslav Fedeles, Acquia"
}
],
"datePublic": "2021-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T19:11:56",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-03-22T20:15:00.000Z",
"ID": "CVE-2021-27908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.2"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Petr Gregor, Acquia"
},
{
"lang": "eng",
"value": "Fixed by Miroslav Fedeles, Acquia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27908",
"datePublished": "2021-03-23T19:11:56.967620Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T16:23:48.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35125 (GCVE-0-2020-35125)
Vulnerability from cvelistv5 – Published: 2021-02-09 21:39 – Updated: 2024-08-04 16:55
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T21:39:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4",
"refsource": "MISC",
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"name": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce",
"refsource": "MISC",
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35125",
"datePublished": "2021-02-09T21:39:33",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35124 (GCVE-0-2020-35124)
Vulnerability from cvelistv5 – Published: 2021-01-28 05:37 – Updated: 2024-08-04 16:55
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T05:37:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4",
"refsource": "MISC",
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"name": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce",
"refsource": "MISC",
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35124",
"datePublished": "2021-01-28T05:37:56",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35128 (GCVE-0-2020-35128)
Vulnerability from cvelistv5 – Published: 2021-01-19 13:08 – Updated: 2024-08-04 16:55
VLAI?
Summary
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-22T02:31:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"name": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786",
"refsource": "CONFIRM",
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35128",
"datePublished": "2021-01-19T13:08:02",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}