CVE-2022-25776

2024-09-1815:15:13

CWE-276

Mautic

web.nvd.nist.gov

reserved

organization

individual

publicized

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

21.0%

JSON

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.

Users could potentially access sensitive data such as names and surnames, company names and stage names.

Affected configurations

Nvd

Node

acquiamauticRange1.0.2–4.4.12

acquiamauticRange5.0.0–5.0.4

VendorProductVersionCPE
acquiamautic*cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acquia	mautic	*	cpe:2.3:a:acquia:mautic::::::::

CNA Affected

[
  {
    "collectionURL": "https://packagist.org",
    "defaultStatus": "unaffected",
    "packageName": "mautic/core",
    "product": "Mautic",
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThan": "< 4.4.12",
        "status": "affected",
        "version": ">= 1.0.2",
        "versionType": "semver"
      },
      {
        "lessThan": "< 5.0.4",
        "status": "affected",
        "version": ">5.0.0",
        "versionType": "semver"
      }
    ]
  }
]