Lucene search

GitHub Advisory DatabaseGHSA-MGV8-W49F-822W

HistoryApr 12, 2024 - 9:25 p.m.

Mautic: MST-48 Server-Side Request Forgery in Asset section

2024-04-1221:25:18

CWE-918

GitHub Advisory Database

github.com

mautic

mst-48

ssrf

asset section

system files

internal addresses

update

workarounds

owasp

advisory

6.5 Medium

AI Score

Confidence

High

JSON

Impact

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

None

References

https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_(SSRF)/

If you have any questions or comments about this advisory:

Email us at [email protected]

Affected configurations

Vulners

Node

mauticmauticRange<5.0.4

mauticmauticRange1.0.0-beta4≥

mauticmauticRange<4.4.12

CPENameOperatorVersion
mautic/corelt5.0.4
mautic/corege1.0.0-beta4
mautic/corelt4.4.12

Name	Operator	Version
mautic/core	lt	5.0.4
mautic/core	ge	1.0.0-beta4
mautic/core	lt	4.4.12

References

github.com/advisories/GHSA-mgv8-w49f-822w

github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0

github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2

github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w

6.5 Medium

AI Score

Confidence

High

JSON

Related for GHSA-MGV8-W49F-822W