CVE-2022-25776
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Summary
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mautic | Mautic | >= 1.0.2 < < 4.4.12 | affected |
| Mautic | Mautic | >5.0.0 < < 5.0.4 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.