Lucene search
HistorySep 18, 2024 - 3:15 p.m.
CVE-2022-25776
mautic
patched version
logged in users
restricted areas
sensitive data
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
21.0%
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
Affected configurations
Node
acquiamauticRange1.0.2–4.4.12
ORacquiamauticRange5.0.0–5.0.4
Related
cve
cve
CVE-2022-25776
2024-09-18 15:15:13
veracode
veracode
Sensitive Information Disclosure
2024-04-15 12:11:05
vulnrichment
vulnrichment
github
github
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
osv
osv
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
CVE-2022-25776
2024-09-18 15:15:13
cvelist
cvelist
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
21.0%
Related for NVD:CVE-2022-25776