Authentication Bypass in Mautic Affected by SSO Plugin
CVE-2017-1000489

8.1HIGH

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 3 January 2018

Summary

A vulnerability in Mautic versions 2.0.0 to 2.11.0 with an installed Single Sign-On (SSO) plugin could allow a disabled user to circumvent authentication and log in using their email address. This security flaw may expose sensitive data and poses a risk to the integrity of user management within the Mautic platform. Users are advised to update to version 2.12.0 or later to mitigate this risk.

References

https://github.com/mautic/mautic/releases/tag/2.12.0

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 3, 2018