Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Oct 2024, 14:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Acquia mautic
Acquia |
|
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
References | () https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p - Third Party Advisory |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 15:15
Updated : 2024-10-02 14:29
NVD link : CVE-2021-27916
Mitre link : CVE-2021-27916
CVE.ORG link : CVE-2021-27916
JSON object : View
Products Affected
acquia
- mautic
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')