| 0 |
| url |
VCID-169x-kkjv-tuhd |
| vulnerability_id |
VCID-169x-kkjv-tuhd |
| summary |
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.
User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.
MitigationPlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47057, GHSA-424x-cxvh-wq9p
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-169x-kkjv-tuhd |
|
| 1 |
| url |
VCID-2g6y-5hpv-7bdx |
| vulnerability_id |
VCID-2g6y-5hpv-7bdx |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.13.0 |
| purl |
pkg:composer/mautic/core@2.13.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 14 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 22 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 23 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 24 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 25 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 26 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 27 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0 |
|
|
| aliases |
CVE-2018-8071, GHSA-5w74-jx7m-x6hv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2g6y-5hpv-7bdx |
|
| 2 |
| url |
VCID-2xsp-rqs9-q3f6 |
| vulnerability_id |
VCID-2xsp-rqs9-q3f6 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.4 |
| purl |
pkg:composer/mautic/core@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.0.0-alpha1 |
| purl |
pkg:composer/mautic/core@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 20 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 21 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1 |
|
| 2 |
| url |
pkg:composer/mautic/core@4.0.0 |
| purl |
pkg:composer/mautic/core@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 10 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 11 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 12 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 13 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 14 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0 |
|
|
| aliases |
CVE-2021-27912, GHSA-rh5w-82wh-jhr8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| url |
VCID-3g4e-a7qf-7bg1 |
| vulnerability_id |
VCID-3g4e-a7qf-7bg1 |
| summary |
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.13 |
| purl |
pkg:composer/mautic/core@4.4.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.1.1 |
| purl |
pkg:composer/mautic/core@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 13 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1 |
|
|
| aliases |
CVE-2022-25770, GHSA-qf6m-6m4g-rmrc
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| url |
VCID-68rz-q2zr-3uew |
| vulnerability_id |
VCID-68rz-q2zr-3uew |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.13.0 |
| purl |
pkg:composer/mautic/core@2.13.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 14 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 22 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 23 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 24 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 25 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 26 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 27 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0 |
|
|
| aliases |
CVE-2018-8092, GHSA-29v9-2fpx-j5g9
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-68rz-q2zr-3uew |
|
| 5 |
| url |
VCID-6udr-t1gz-yydw |
| vulnerability_id |
VCID-6udr-t1gz-yydw |
| summary |
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.13 |
| purl |
pkg:composer/mautic/core@4.4.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.1.1 |
| purl |
pkg:composer/mautic/core@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 13 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1 |
|
|
| aliases |
CVE-2021-27917, GHSA-xpc5-rr39-v8v2
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6udr-t1gz-yydw |
|
| 6 |
| url |
VCID-78su-anjk-nbfe |
| vulnerability_id |
VCID-78su-anjk-nbfe |
| summary |
SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.
Open Redirection via returnUrl Parameter: An Open Redirection vulnerability exists in the /s/action/unlock/user.user/0 endpoint. The returnUrl parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.
MitigationUpdate Mautic to a version that properly validates or sanitizes the returnUrl parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-5256, GHSA-6vx9-9r2g-8373
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-78su-anjk-nbfe |
|
| 7 |
| url |
VCID-7q52-cbyc-7uf6 |
| vulnerability_id |
VCID-7q52-cbyc-7uf6 |
| summary |
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.
This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.5 |
| purl |
pkg:composer/mautic/core@3.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 8 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 11 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 12 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 13 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.5 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.2.0 |
| purl |
pkg:composer/mautic/core@4.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 12 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 13 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 14 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 15 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 16 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 17 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 18 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 19 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.2.0 |
|
|
| aliases |
CVE-2022-25769, GHSA-mj6m-246h-9w56, GMS-2022-182
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7q52-cbyc-7uf6 |
|
| 8 |
| url |
VCID-8eb5-t2u7-53cw |
| vulnerability_id |
VCID-8eb5-t2u7-53cw |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.12.0-beta |
| purl |
pkg:composer/mautic/core@2.12.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta |
|
| 1 |
| url |
pkg:composer/mautic/core@2.12.0 |
| purl |
pkg:composer/mautic/core@2.12.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0 |
|
|
| aliases |
CVE-2017-1000490, GHSA-qpgw-2c72-4c89
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8eb5-t2u7-53cw |
|
| 9 |
| url |
VCID-8ma7-rz6x-2kf9 |
| vulnerability_id |
VCID-8ma7-rz6x-2kf9 |
| summary |
Mautic stored Cross-site Scripting (XSS) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.2.4 |
| purl |
pkg:composer/mautic/core@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4 |
|
|
| aliases |
CVE-2020-35129, GHSA-3px5-wjh3-9x6r
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ma7-rz6x-2kf9 |
|
| 10 |
| url |
VCID-8ns1-8zyf-97d5 |
| vulnerability_id |
VCID-8ns1-8zyf-97d5 |
| summary |
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.12 |
| purl |
pkg:composer/mautic/core@4.4.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.0.0-alpha |
| purl |
pkg:composer/mautic/core@5.0.0-alpha |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 13 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 14 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 19 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 20 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 21 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.0-alpha |
|
|
| aliases |
CVE-2021-27915, GHSA-2rc5-2755-v422
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ns1-8zyf-97d5 |
|
| 11 |
| url |
VCID-9h4n-kq2p-u7ge |
| vulnerability_id |
VCID-9h4n-kq2p-u7ge |
| summary |
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.
* Improper Authorization:Â An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47053, GHSA-8xv7-g2q3-fqgc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9h4n-kq2p-u7ge |
|
| 12 |
| url |
VCID-aq3j-jvqn-wkgn |
| vulnerability_id |
VCID-aq3j-jvqn-wkgn |
| summary |
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.12 |
| purl |
pkg:composer/mautic/core@4.4.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.0.4 |
| purl |
pkg:composer/mautic/core@5.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 19 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4 |
|
|
| aliases |
CVE-2022-25776, GHSA-qjx3-2g35-6hv8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aq3j-jvqn-wkgn |
|
| 13 |
| url |
VCID-bqh5-8b3y-5yer |
| vulnerability_id |
VCID-bqh5-8b3y-5yer |
| summary |
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.12 |
| purl |
pkg:composer/mautic/core@4.4.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.0.4 |
| purl |
pkg:composer/mautic/core@5.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 19 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4 |
|
|
| aliases |
CVE-2022-25777, GHSA-mgv8-w49f-822w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bqh5-8b3y-5yer |
|
| 14 |
| url |
VCID-cg9y-ccxf-5ue1 |
| vulnerability_id |
VCID-cg9y-ccxf-5ue1 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.12.0-beta |
| purl |
pkg:composer/mautic/core@2.12.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta |
|
| 1 |
| url |
pkg:composer/mautic/core@2.12.0 |
| purl |
pkg:composer/mautic/core@2.12.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0 |
|
| 2 |
| url |
pkg:composer/mautic/core@2.14.2 |
| purl |
pkg:composer/mautic/core@2.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 14 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 22 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 23 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 24 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 25 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 26 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 27 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 28 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.14.2 |
|
|
| aliases |
CVE-2017-1000506, GHSA-358v-cqjc-2pcq
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cg9y-ccxf-5ue1 |
|
| 15 |
| url |
VCID-dn9j-69ah-wye9 |
| vulnerability_id |
VCID-dn9j-69ah-wye9 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.4 |
| purl |
pkg:composer/mautic/core@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.0.0-alpha1 |
| purl |
pkg:composer/mautic/core@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 20 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 21 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1 |
|
| 2 |
| url |
pkg:composer/mautic/core@4.0.0 |
| purl |
pkg:composer/mautic/core@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 10 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 11 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 12 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 13 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 14 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0 |
|
|
| aliases |
CVE-2021-27913, GHSA-x7g2-wrrp-r6h3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dn9j-69ah-wye9 |
|
| 16 |
| url |
VCID-f62m-zw1p-fqbh |
| vulnerability_id |
VCID-f62m-zw1p-fqbh |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.13.0 |
| purl |
pkg:composer/mautic/core@2.13.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 14 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 22 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 23 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 24 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 25 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 26 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 27 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0 |
|
|
| aliases |
CVE-2018-10189, GHSA-vfxj-qg93-7wwc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f62m-zw1p-fqbh |
|
| 17 |
| url |
VCID-f68m-ft5s-s7cm |
| vulnerability_id |
VCID-f68m-ft5s-s7cm |
| summary |
XSS in Mautic
### Impact
This is a cross-site scripting vulnerability relating to creating/editing a company which requires the user to be logged in as an administrator to be executed.
This vulnerability was reported by Dardan Prebreza at Bishop Fox.
### Patches
Upgrade to 3.2.4 or 2.16.5.
Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff
Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff
### Workarounds
None
### References
https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
### For more information
If you have any questions or comments about this advisory:
* Post in https://forum.mautic.org/c/support
* Email us at security@mautic.org |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.16.5 |
| purl |
pkg:composer/mautic/core@2.16.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 14 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 15 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 16 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 17 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 18 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 19 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 20 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 21 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 22 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 23 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 24 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 25 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5 |
|
| 1 |
| url |
pkg:composer/mautic/core@3.2.4 |
| purl |
pkg:composer/mautic/core@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4 |
|
|
| aliases |
CVE-2021-3142, GHSA-p7v4-gm6j-cw9m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f68m-ft5s-s7cm |
|
| 18 |
| url |
VCID-gcyk-qnbe-cyde |
| vulnerability_id |
VCID-gcyk-qnbe-cyde |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.4 |
| purl |
pkg:composer/mautic/core@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.0.0 |
| purl |
pkg:composer/mautic/core@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 10 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 11 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 12 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 13 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 14 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0 |
|
|
| aliases |
CVE-2021-27910, GHSA-86pv-95mj-7w5f
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyk-qnbe-cyde |
|
| 19 |
| url |
VCID-hcsa-xf3v-6ugb |
| vulnerability_id |
VCID-hcsa-xf3v-6ugb |
| summary |
Sensitive Cookie Without HttpOnly and Secure Flag |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.1.1 |
| purl |
pkg:composer/mautic/core@2.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8eb5-t2u7-53cw |
|
| 9 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 10 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 11 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 12 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 13 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 14 |
| vulnerability |
VCID-cg9y-ccxf-5ue1 |
|
| 15 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 16 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 17 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 18 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 19 |
| vulnerability |
VCID-hcsa-xf3v-6ugb |
|
| 20 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 21 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 22 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 23 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 24 |
| vulnerability |
VCID-mwyt-a655-4ycq |
|
| 25 |
| vulnerability |
VCID-pcmp-gh27-bkge |
|
| 26 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 27 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 28 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 29 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 30 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 31 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 32 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 33 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.1.1 |
|
| 1 |
| url |
pkg:composer/mautic/core@2.7.0 |
| purl |
pkg:composer/mautic/core@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8eb5-t2u7-53cw |
|
| 9 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 10 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 11 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 12 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 13 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 14 |
| vulnerability |
VCID-cg9y-ccxf-5ue1 |
|
| 15 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 16 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 17 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 18 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 19 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 20 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 21 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 22 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 23 |
| vulnerability |
VCID-mwyt-a655-4ycq |
|
| 24 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 25 |
| vulnerability |
VCID-pcmp-gh27-bkge |
|
| 26 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 27 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 28 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 29 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 30 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 31 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 32 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 33 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.7.0 |
|
|
| aliases |
CVE-2017-1000046, GHSA-8255-qf34-44mp
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hcsa-xf3v-6ugb |
|
| 20 |
| url |
VCID-jnyh-wtct-juax |
| vulnerability_id |
VCID-jnyh-wtct-juax |
| summary |
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow |
| references |
| 0 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
|
| 1 |
| value |
7.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.13 |
| purl |
pkg:composer/mautic/core@4.4.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.1.1 |
| purl |
pkg:composer/mautic/core@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 13 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1 |
|
|
| aliases |
GHSA-5hc5-fxr9-5frc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jnyh-wtct-juax |
|
| 21 |
| url |
VCID-kb5u-fxss-nqcf |
| vulnerability_id |
VCID-kb5u-fxss-nqcf |
| summary |
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc |
| reference_id |
GHSA-x3jx-5w6m-q2fc |
| reference_type |
|
| scores |
| 0 |
| value |
7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
|
| 1 |
| value |
7.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 3 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/ |
|
|
| url |
https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.13 |
| purl |
pkg:composer/mautic/core@4.4.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.1.1 |
| purl |
pkg:composer/mautic/core@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 13 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1 |
|
|
| aliases |
CVE-2022-25768, GHSA-x3jx-5w6m-q2fc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kb5u-fxss-nqcf |
|
| 22 |
| url |
VCID-kqrt-jk5r-2ybq |
| vulnerability_id |
VCID-kqrt-jk5r-2ybq |
| summary |
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.
* Remote Code Execution (RCE) via Asset Upload:Â A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.
* Path Traversal File Deletion:Â A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47051, GHSA-73gx-x7r9-77x2
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kqrt-jk5r-2ybq |
|
| 23 |
| url |
VCID-m1r7-7mf4-u3gt |
| vulnerability_id |
VCID-m1r7-7mf4-u3gt |
| summary |
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.12 |
| purl |
pkg:composer/mautic/core@4.4.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 2 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 3 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 6 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 7 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 8 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 9 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 10 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 15 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 16 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 17 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 18 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12 |
|
|
| aliases |
CVE-2022-25774, GHSA-fhcx-f7jg-jx3f
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m1r7-7mf4-u3gt |
|
| 24 |
| url |
VCID-mwyt-a655-4ycq |
| vulnerability_id |
VCID-mwyt-a655-4ycq |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.12.0-beta |
| purl |
pkg:composer/mautic/core@2.12.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta |
|
| 1 |
| url |
pkg:composer/mautic/core@2.12.0 |
| purl |
pkg:composer/mautic/core@2.12.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2g6y-5hpv-7bdx |
|
| 2 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-68rz-q2zr-3uew |
|
| 5 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 6 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 7 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 8 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 9 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 10 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 11 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 12 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 13 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 14 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 15 |
| vulnerability |
VCID-f62m-zw1p-fqbh |
|
| 16 |
| vulnerability |
VCID-f68m-ft5s-s7cm |
|
| 17 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 18 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 19 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 20 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 21 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 22 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 23 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 24 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 25 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 26 |
| vulnerability |
VCID-vhp5-wnad-5qhr |
|
| 27 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 28 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 29 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
| 30 |
| vulnerability |
VCID-ztf2-x5fp-rfdt |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0 |
|
|
| aliases |
CVE-2017-1000489, GHSA-6x98-fx9j-7c78
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mwyt-a655-4ycq |
|
| 25 |
| url |
VCID-qw81-xmgp-t7ag |
| vulnerability_id |
VCID-qw81-xmgp-t7ag |
| summary |
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/mautic/mautic |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/mautic/mautic |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf |
| reference_id |
GHSA-xv68-rrmw-9xwf |
| reference_type |
|
| scores |
| 0 |
| value |
2.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 3 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/ |
|
|
| url |
https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@4.4.13 |
| purl |
pkg:composer/mautic/core@4.4.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13 |
|
| 1 |
| url |
pkg:composer/mautic/core@5.1.1 |
| purl |
pkg:composer/mautic/core@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-72qd-qyx1-9kcj |
|
| 2 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 3 |
| vulnerability |
VCID-8css-7395-v7fe |
|
| 4 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 5 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 6 |
| vulnerability |
VCID-d8gm-pcqd-kyh9 |
|
| 7 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 8 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 9 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 10 |
| vulnerability |
VCID-uxc8-np41-ubfg |
|
| 11 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 12 |
| vulnerability |
VCID-wmr5-yjdd-7fhy |
|
| 13 |
| vulnerability |
VCID-xnwg-23ba-5feb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1 |
|
|
| aliases |
CVE-2024-47058, GHSA-xv68-rrmw-9xwf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qw81-xmgp-t7ag |
|
| 26 |
| url |
VCID-recs-hwrv-bub4 |
| vulnerability_id |
VCID-recs-hwrv-bub4 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.2 |
| purl |
pkg:composer/mautic/core@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 14 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 15 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 16 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 17 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 18 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 19 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.2 |
|
|
| aliases |
CVE-2021-27908, GHSA-4hjq-422q-4vpx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-recs-hwrv-bub4 |
|
| 27 |
| url |
VCID-tsqf-yg62-dkhg |
| vulnerability_id |
VCID-tsqf-yg62-dkhg |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.4 |
| purl |
pkg:composer/mautic/core@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.0.0 |
| purl |
pkg:composer/mautic/core@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 10 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 11 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 12 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 13 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 14 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0 |
|
|
| aliases |
CVE-2021-27911, GHSA-72hm-fx78-xwhc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tsqf-yg62-dkhg |
|
| 28 |
| url |
VCID-vhp5-wnad-5qhr |
| vulnerability_id |
VCID-vhp5-wnad-5qhr |
| summary |
Mautic stored Cross-site Scripting (XSS) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.16.5 |
| purl |
pkg:composer/mautic/core@2.16.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 14 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 15 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 16 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 17 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 18 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 19 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 20 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 21 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 22 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 23 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 24 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 25 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5 |
|
| 1 |
| url |
pkg:composer/mautic/core@3.2.4 |
| purl |
pkg:composer/mautic/core@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4 |
|
|
| aliases |
CVE-2020-35128, GHSA-98j2-3jv7-274m
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vhp5-wnad-5qhr |
|
| 29 |
| url |
VCID-vqbf-nksb-x7dm |
| vulnerability_id |
VCID-vqbf-nksb-x7dm |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@3.3.4 |
| purl |
pkg:composer/mautic/core@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 11 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 12 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 13 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 14 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 15 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 16 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 17 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 18 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4 |
|
| 1 |
| url |
pkg:composer/mautic/core@4.0.0 |
| purl |
pkg:composer/mautic/core@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-39v5-2gxn-tbgq |
|
| 3 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 4 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 5 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 6 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-ab6z-nnwn-h3bx |
|
| 10 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 11 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 12 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 13 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 14 |
| vulnerability |
VCID-f7c7-1f37-t7be |
|
| 15 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 16 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 17 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 18 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 19 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 20 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0 |
|
|
| aliases |
CVE-2021-27909, GHSA-32hw-3pvh-vcvc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vqbf-nksb-x7dm |
|
| 30 |
| url |
VCID-w287-c1u9-xugv |
| vulnerability_id |
VCID-w287-c1u9-xugv |
| summary |
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
* Improper Limitation of a Pathname to a Restricted Directory:Â A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-25773, GHSA-4w2w-36vm-c8hf
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w287-c1u9-xugv |
|
| 31 |
| url |
VCID-wt8d-xdws-h7hp |
| vulnerability_id |
VCID-wt8d-xdws-h7hp |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.16.5 |
| purl |
pkg:composer/mautic/core@2.16.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 14 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 15 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 16 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 17 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 18 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 19 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 20 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 21 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 22 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 23 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 24 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 25 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5 |
|
| 1 |
| url |
pkg:composer/mautic/core@3.2.4 |
| purl |
pkg:composer/mautic/core@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4 |
|
|
| aliases |
CVE-2020-35124, GHSA-39wj-j3jc-858m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wt8d-xdws-h7hp |
|
| 32 |
| url |
VCID-ztf2-x5fp-rfdt |
| vulnerability_id |
VCID-ztf2-x5fp-rfdt |
| summary |
Mautic is vulnerable to XSS vulnerability |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mautic/core@2.16.5 |
| purl |
pkg:composer/mautic/core@2.16.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ma7-rz6x-2kf9 |
|
| 7 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 8 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 9 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 10 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 11 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 12 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 13 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 14 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 15 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 16 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 17 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 18 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 19 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 20 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 21 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 22 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 23 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 24 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
| 25 |
| vulnerability |
VCID-wt8d-xdws-h7hp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5 |
|
| 1 |
| url |
pkg:composer/mautic/core@3.2.4 |
| purl |
pkg:composer/mautic/core@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-169x-kkjv-tuhd |
|
| 1 |
| vulnerability |
VCID-2xsp-rqs9-q3f6 |
|
| 2 |
| vulnerability |
VCID-3g4e-a7qf-7bg1 |
|
| 3 |
| vulnerability |
VCID-6udr-t1gz-yydw |
|
| 4 |
| vulnerability |
VCID-78su-anjk-nbfe |
|
| 5 |
| vulnerability |
VCID-7q52-cbyc-7uf6 |
|
| 6 |
| vulnerability |
VCID-8ns1-8zyf-97d5 |
|
| 7 |
| vulnerability |
VCID-9h4n-kq2p-u7ge |
|
| 8 |
| vulnerability |
VCID-aq3j-jvqn-wkgn |
|
| 9 |
| vulnerability |
VCID-bqh5-8b3y-5yer |
|
| 10 |
| vulnerability |
VCID-dn9j-69ah-wye9 |
|
| 11 |
| vulnerability |
VCID-eqbh-kevx-g7az |
|
| 12 |
| vulnerability |
VCID-gcyk-qnbe-cyde |
|
| 13 |
| vulnerability |
VCID-jnyh-wtct-juax |
|
| 14 |
| vulnerability |
VCID-kb5u-fxss-nqcf |
|
| 15 |
| vulnerability |
VCID-kqrt-jk5r-2ybq |
|
| 16 |
| vulnerability |
VCID-m1r7-7mf4-u3gt |
|
| 17 |
| vulnerability |
VCID-nc5r-759g-qkhx |
|
| 18 |
| vulnerability |
VCID-qw81-xmgp-t7ag |
|
| 19 |
| vulnerability |
VCID-recs-hwrv-bub4 |
|
| 20 |
| vulnerability |
VCID-tsqf-yg62-dkhg |
|
| 21 |
| vulnerability |
VCID-u72c-jyaa-aqcj |
|
| 22 |
| vulnerability |
VCID-vqbf-nksb-x7dm |
|
| 23 |
| vulnerability |
VCID-w287-c1u9-xugv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4 |
|
|
| aliases |
CVE-2020-35125, GHSA-42q7-95j7-w62m
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztf2-x5fp-rfdt |
|