CVE-2022-25776

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

History

24 Sep 2024, 15:19

Type Values Removed Values Added
First Time Acquia mautic
Acquia
References () https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8 - () https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8 - Third Party Advisory
CPE cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.3
v2 : unknown
v3 : 6.5

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Antes de la versión parcheada, los usuarios registrados de Mautic podían acceder a áreas de la aplicación a las que no deberían tener acceso. Los usuarios podrían acceder a datos confidenciales como nombres y apellidos, nombres de empresas y nombres artísticos.

18 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-18 15:15

Updated : 2024-09-24 15:19


NVD link : CVE-2022-25776

Mitre link : CVE-2022-25776

CVE.ORG link : CVE-2022-25776


JSON object : View

Products Affected

acquia

  • mautic
CWE
CWE-276

Incorrect Default Permissions