Lucene search
GoogleOSV:CVE-2022-25776HistorySep 18, 2024 - 3:15 p.m.
CVE-2022-25776
2024-09-1815:15:13
Google
osv.dev
mautic
unauthorized access
sensitive data
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
AI Score
6.5
Confidence
Low
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
Related
cve
cve
CVE-2022-25776
2024-09-18 15:15:13
veracode
veracode
Sensitive Information Disclosure
2024-04-15 12:11:05
vulnrichment
vulnrichment
github
github
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
nvd
nvd
CVE-2022-25776
2024-09-18 15:15:13
osv
osv
Mautic Sensitive Data Exposure due to inadequate user permission settings
2024-04-12 17:28:52
cvelist
cvelist
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
AI Score
6.5
Confidence
Low
Related for OSV:CVE-2022-25776