GSA_kwCzR0hTQS14M2p4LTV3Nm0tcTJmY84AA_rI

High CVSS: 8.3 EPSS: 0.00272% (0.50327 Percentile) EPSS:

Permalink JSON

Mautic vulnerable to Improper Access Control in UI upgrade process

Affected Packages	Affected Versions	Fixed Versions
packagist:mautic/core	>= 5.0.0-alpha, < 5.1.1, >= 1.1.3, < 4.4.13	5.1.1, 4.4.13
2 Dependent packages 3 Dependent repositories 2,515 Downloads total Affected Version Ranges All affected versions 1.1.3, 1.2.0, 1.2.0-beta1, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.0-beta, 2.9.1, 2.9.2, 2.10.0, 2.10.0-beta, 2.10.1, 2.11.0, 2.11.0-beta, 2.12.0, 2.12.0-beta, 2.12.1, 2.12.1-beta, 2.12.2, 2.12.2-beta, 2.13.0, 2.13.0-beta, 2.13.1, 2.14.0, 2.14.0-beta, 2.14.1, 2.14.1-beta, 2.14.2, 2.14.2-beta, 2.15.0, 2.15.0-beta, 2.15.1, 2.15.1-beta, 2.15.2, 2.15.2-beta, 2.15.3, 2.15.3-beta, 2.16.0, 2.16.0-beta, 2.16.1, 2.16.1-beta, 2.16.2, 2.16.2-beta, 2.16.3, 2.16.3-beta, 2.16.4, 2.16.5, 3.0.0, 3.0.0-alpha, 3.0.0-beta, 3.0.0-beta2, 3.0.1, 3.0.2, 3.0.2-rc, 3.1.0, 3.1.0-rc, 3.1.1, 3.1.1-rc, 3.1.2, 3.1.2-rc, 3.2.0, 3.2.0-rc, 3.2.1, 3.2.2, 3.2.2-rc, 3.2.3, 3.2.4, 3.2.5, 3.2.5-rc, 3.3.0, 3.3.0-rc, 3.3.1, 3.3.2, 3.3.2-rc, 3.3.3, 3.3.3-rc, 3.3.4, 3.3.5, 4.0.0, 4.0.0-alpha1, 4.0.0-beta, 4.0.0-rc, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.0-rc, 4.2.0-rc1, 4.2.1, 4.2.2, 4.3.0, 4.3.0-beta, 4.3.0-rc, 4.3.1, 4.4.0, 4.4.0-beta, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 5.0.0, 5.0.0-alpha, 5.0.0-alpha1, 5.0.0-beta1, 5.0.0-beta2, 5.0.0-rc1, 5.0.0-rc2, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0 All unaffected versions 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 4.4.13, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 7.0.0
packagist:mautic/core-lib	>= 5.0.0-alpha, < 5.1.1, >= 1.1.3, < 4.4.13	5.1.1, 4.4.13
56 Dependent packages 85 Dependent repositories 87,312 Downloads total Affected Version Ranges All affected versions 4.0.0, 4.0.0-alpha1, 4.0.0-beta, 4.0.0-rc, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.0-rc, 4.2.0-rc1, 4.2.1, 4.2.2, 4.3.0, 4.3.0-beta, 4.3.0-rc, 4.3.1, 4.4.0, 4.4.1, 4.4.1-alpha, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 5.0.0, 5.0.0-alpha, 5.0.0-alpha1, 5.0.0-beta1, 5.0.0-beta2, 5.0.0-rc1, 5.0.0-rc2, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0 All unaffected versions 4.4.13, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 7.0.0

Impact

The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.

Patches

Upgrade to 4.4.13 or 5.1.1 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

References:

Identifiers

GHSA-x3jx-5w6m-q2fc

CVE-2022-25768

Risk

Severity

High

CVSS

CVSS Score: 8.3

CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00272

EPSS Percentile: 0.50327

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/mautic/mautic
View on Ecosyste.ms

Date and time

Published

over 1 year ago

Updated

about 15 hours ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories