CVE-2022-25776

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions Mautic versions prior to 4.4.12 Mautic versions prior to 5.0.4

Description Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

Recommendations Update to version 4.4.12 to resolve the issue for versions prior to 4.4.12. Update to version 5.0.4 to resolve the issue for versions prior to 5.0.4.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-280

Related Identifiers

CVE-2022-25776

GHSA-QJX3-2G35-6HV8

Affected Products

Mautic

CVE-2022-25776

Weakness Enumeration

Related Identifiers

Affected Products

References · 10