Lucene search
MauticCVELIST:CVE-2022-25776HistorySep 18, 2024 - 3:06 p.m.
CVE-2022-25776 Sensitive Data Exposure due to inadequate user permission settings
2024-09-1815:06:54
CWE-276
Mautic
www.cve.org
1
cve-2022-25776
sensitive data exposure
mautic
user permission settings
data access
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
EPSS
0.001
Percentile
21.0%
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
CNA Affected
[
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "< 4.4.12",
"status": "affected",
"version": ">= 1.0.2",
"versionType": "semver"
},
{
"lessThan": "< 5.0.4",
"status": "affected",
"version": ">5.0.0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2022-25776
2024-09-18 15:15:13
veracode
veracode
Sensitive Information Disclosure
2024-04-15 12:11:05
vulnrichment
vulnrichment
github
github
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
nvd
nvd
CVE-2022-25776
2024-09-18 15:15:13
osv
osv
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
CVE-2022-25776
2024-09-18 15:15:13
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
EPSS
0.001
Percentile
21.0%
Related for CVELIST:CVE-2022-25776