Lucene search

NCSC.chVULNRICHMENT:CVE-2024-3448

HistoryApr 10, 2024 - 1:59 p.m.

CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic

2024-04-1013:59:46

CWE-918

NCSC.ch

github.com

cve-2024-3448

improper access control

server-side request forgery

mautic

port scan

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.9

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mautic",
    "product": "mautic",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "4.4.9"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.9

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-3448