CVE-2022-25770

EPSS 0.12%
Veröffentlicht 18.09.2024 22:15:03
Zuletzt bearbeitet 27.02.2025 19:30:33
Quelle security@mautic.org
Teams Watchlist Login
Unerledigt Login

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Acquia ≫ Mautic Version >= 1.0.1 < 4.4.13

Acquia ≫ Mautic Version >= 5.0.0 < 5.1.1

Acquia ≫ Mautic Version1.0.0 Update-

Acquia ≫ Mautic Version1.0.0 Updatebeta3

Acquia ≫ Mautic Version1.0.0 Updatebeta4

Acquia ≫ Mautic Version1.0.0 Updaterc1

Acquia ≫ Mautic Version1.0.0 Updaterc2

Acquia ≫ Mautic Version1.0.0 Updaterc3

Acquia ≫ Mautic Version1.0.0 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security@mautic.org	7.8	1.4	5.8	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25770

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25770

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25770

EUVD