Lucene search

GitHub Advisory DatabaseGHSA-39WJ-J3JC-858M

HistoryJan 19, 2021 - 8:43 p.m.

XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic

2021-01-1920:43:56

CWE-79

GitHub Advisory Database

github.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.7%

JSON

Impact

This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic.

This vulnerability was reported by Naveen Sunkavally at Horizon3.ai.

Patches

Upgrade to 3.2.4 or 2.16.5.

Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff

Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff

Workarounds

None

For more information

If you have any questions or comments about this advisory:

Post in https://forum.mautic.org/c/support
Email us at [email protected]

Affected configurations

Vulners

Node

mauticmauticRange<2.16.5

mauticmauticRange<3.2.4

CPENameOperatorVersion
mautic/corelt2.16.5
mautic/corelt3.2.4

CPE	Name	Operator	Version
	mautic/core	lt	2.16.5
	mautic/core	lt	3.2.4

References

forum.mautic.org/c/announcements/16

github.com/advisories/GHSA-39wj-j3jc-858m

github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml

github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57

github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m

nvd.nist.gov/vuln/detail/CVE-2020-35124

packagist.org/packages/mautic/core

www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce

www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for GHSA-39WJ-J3JC-858M