CVE-2021-27916

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

History

02 Oct 2024, 14:29

Type Values Removed Values Added
First Time Acquia mautic
Acquia
CPE cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
References () https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p - () https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p - Third Party Advisory

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Antes de la versión parcheada, los usuarios registrados de Mautic eran vulnerables a la eliminación arbitraria de archivos y al recorrido de ruta relativa. Independientemente del nivel de acceso que tuviera el usuario de Mautic, podía eliminar archivos que no estuvieran en las carpetas multimedia, como archivos del sistema, librerías u otros archivos importantes. Esta vulnerabilidad existe en la implementación del generador GrapesJS en Mautic.

17 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 15:15

Updated : 2024-10-02 14:29


NVD link : CVE-2021-27916

Mitre link : CVE-2021-27916

CVE.ORG link : CVE-2021-27916


JSON object : View

Products Affected

acquia

  • mautic
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')