Lucene search
GoogleOSV:GHSA-6X98-FX9J-7C78HistoryJan 19, 2021 - 9:16 p.m.
Disabled users able to log in with third party SSO plugin
2021-01-1921:16:19
Google
osv.dev
15
0.002 Low
EPSS
Percentile
54.0%
Impact
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
Patches
Upgrade to 2.12.0 or later.
Workarounds
None.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| mautic/core | eq | 2.5.1 | |
| mautic/core | eq | 2.11.0 | |
| mautic/core | eq | 2.3.0 | |
| mautic/core | eq | 2.8.0 | |
| mautic/core | eq | 2.9.2 | |
| mautic/core | eq | 2.12.0-beta | |
| mautic/core | eq | 2.4.0 | |
| mautic/core | eq | 2.10.1 | |
| mautic/core | eq | 2.7.1 | |
| mautic/core | eq | 2.5.0 |
Related
osv
osv
CVE-2017-1000489
2018-01-03 17:29:00
nvd
nvd
CVE-2017-1000489
2018-01-03 17:29:00
cvelist
cvelist
CVE-2017-1000489
2022-10-03 16:23:09
cve
cve
CVE-2017-1000489
2022-10-03 16:23:09
veracode
veracode
Authentication Bypass
2021-01-20 16:29:28
prion
prion
Code injection
2018-01-03 17:29:00
github
github
Disabled users able to log in with third party SSO plugin
2021-01-19 21:16:19