An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01aGM1LWZ4cjktNWZyY84AA_rw

High CVSS: 7.4

Duplicate Advisory: Mautic has insufficient authentication in upgrade flow

Affected Package: packagist:mautic/core
Affected Versions: >= 5.0.0, < 5.1.1; >= 1.0.0-beta3, < 4.4.13
Fixed Versions: 5.1.1, 4.4.13
2 Dependent packages
3 Dependent repositories
2,487 Downloads total

Affected Version Ranges

All affected versions

1.0.0, 1.0.0-beta, 1.0.0-beta2, 1.0.0-beta3, 1.0.0-beta4, 1.0.0-rc1, 1.0.0-rc2, 1.0.0-rc3, 1.0.0-rc4, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.0-beta1, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.0-beta, 2.9.1, 2.9.2, 2.10.0, 2.10.0-beta, 2.10.1, 2.11.0, 2.11.0-beta, 2.12.0, 2.12.0-beta, 2.12.1, 2.12.1-beta, 2.12.2, 2.12.2-beta, 2.13.0, 2.13.0-beta, 2.13.1, 2.14.0, 2.14.0-beta, 2.14.1, 2.14.1-beta, 2.14.2, 2.14.2-beta, 2.15.0, 2.15.0-beta, 2.15.1, 2.15.1-beta, 2.15.2, 2.15.2-beta, 2.15.3, 2.15.3-beta, 2.16.0, 2.16.0-beta, 2.16.1, 2.16.1-beta, 2.16.2, 2.16.2-beta, 2.16.3, 2.16.3-beta, 2.16.4, 2.16.5, 3.0.0, 3.0.0-alpha, 3.0.0-beta, 3.0.0-beta2, 3.0.1, 3.0.2, 3.0.2-rc, 3.1.0, 3.1.0-rc, 3.1.1, 3.1.1-rc, 3.1.2, 3.1.2-rc, 3.2.0, 3.2.0-rc, 3.2.1, 3.2.2, 3.2.2-rc, 3.2.3, 3.2.4, 3.2.5, 3.2.5-rc, 3.3.0, 3.3.0-rc, 3.3.1, 3.3.2, 3.3.2-rc, 3.3.3, 3.3.3-rc, 3.3.4, 3.3.5, 4.0.0, 4.0.0-alpha1, 4.0.0-beta, 4.0.0-rc, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.0-rc, 4.2.0-rc1, 4.2.1, 4.2.2, 4.3.0, 4.3.0-beta, 4.3.0-rc, 4.3.1, 4.4.0, 4.4.0-beta, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 5.0.0, 5.0.0-alpha, 5.0.0-alpha1, 5.0.0-beta1, 5.0.0-beta2, 5.0.0-rc1, 5.0.0-rc2, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0

All unaffected versions

4.4.13, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.

Original Description

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

References: