CVE-2022-25770

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

Configurations

No configuration.

History

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Mautic permite actualizar la aplicación mediante un script de actualización. La lógica de actualización no está protegida correctamente, lo que puede generar una situación vulnerable. Esta vulnerabilidad se ve mitigada por el hecho de que Mautic debe instalarse de una determinada manera para que sea vulnerable.

18 Sep 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-18 22:15

Updated : 2024-09-20 12:30

NVD link : CVE-2022-25770

Mitre link : CVE-2022-25770

CVE.ORG link : CVE-2022-25770

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

7.8 /10