Lucene search

NCSC.chCVELIST:CVE-2024-3448

HistoryApr 10, 2024 - 1:59 p.m.

CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic

2024-04-1013:59:46

CWE-918

NCSC.ch

www.cve.org

ssrf vulnerability

improper access control

mautic

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Mautic",
    "programFiles": [
      "https://github.com/mautic/mautic/blob/4.4.9/plugins/MauticFocusBundle/Controller/AjaxController.php#L17"
    ],
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThanOrEqual": "4.4.9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-3448