CVE-2022-25770
HIGH7.8EPSS 0.30%Mautic has insufficient authentication in upgrade flow
發布日:2024/9/18修改日:2025/2/21
描述
### Impact Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable ### Patches Please upgrade to 4.4.1 or 5.1.1 or later. ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at [[email protected]](mailto:[email protected])
受影響套件(2)
- Packagist/mautic/core>= 1.0.0-beta3, < 4.4.13
- Packagist/mautic/core-lib>= 1.0.0-beta3, < 4.4.13
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-25770
- PATCHhttps://github.com/mautic/mautic
- WEBhttps://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
- WEBhttps://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
- WEBhttps://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc