CVE-2022-25776


Prior to the patched version, logged-in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names, and stage names.


Published

2024-09-18T15:15:13.620

Last Modified

2024-09-24T15:19:46.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-276
  • Type: Primary
    CWE-276

Affected Vendors & Products
Type         Vendor  Product  Version/Range  Vulnerable?
Application  acquia  mautic   < 4.4.12       Yes
Application  acquia  mautic   < 5.0.4        Yes
