Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k2tn-w8n6-8ba1
Vulnerability ID VCID-k2tn-w8n6-8ba1
Aliases CVE-2017-1000489
GHSA-6x98-fx9j-7c78
Summary Improper Authentication Mautic allows a disabled user to still login using email address.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-287 Improper Authentication
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
cvssv3.1 8.1 https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
generic_textual HIGH https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
cvssv3.1 8.1 https://github.com/mautic/mautic/releases/tag/2.12.0
generic_textual HIGH https://github.com/mautic/mautic/releases/tag/2.12.0
cvssv3.1 8.1 https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
generic_textual HIGH https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
https://github.com/mautic/mautic/releases/tag/2.12.0
https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
CVE-2017-1000489 https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mautic/mautic/releases/tag/2.12.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.5076
EPSS Score 0.00271
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:37:24.345386+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2017-1000489.yml 38.6.0