CVE-2022-25776

EPSS 0.04%
Veröffentlicht 18.09.2024 15:15:13
Zuletzt bearbeitet 24.09.2024 15:19:46
Quelle security@mautic.org
Teams Watchlist Login
Unerledigt Login

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.

Users could potentially access sensitive data such as names and surnames, company names and stage names.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Acquia ≫ Mautic Version >= 1.0.2 < 4.4.12

Acquia ≫ Mautic Version >= 5.0.0 < 5.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@mautic.org	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25776

EUVD