CVE-2022-25776

EPSS 0.04%
Published 18.09.2024 15:15:13
Last modified 24.09.2024 15:19:46
Source security@mautic.org
Teams watchlist Login
Open Login

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.

Users could potentially access sensitive data such as names and surnames, company names and stage names.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Acquia ≫ Mautic Version >= 1.0.2 < 4.4.12

Acquia ≫ Mautic Version >= 5.0.0 < 5.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@mautic.org	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-25776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25776

EUVD