Sensitive Data Access Vulnerability in Mautic
CVE-2022-25776

6.5MEDIUM

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 18 September 2024

Summary

A vulnerability in Mautic allows authenticated users to gain access to areas of the application that should be restricted. This flaw poses a significant risk, as it enables users to view sensitive information including personal details, company names, and potentially harmful data. Organizations utilizing Mautic must address this vulnerability to safeguard user privacy and ensure compliance with data protection regulations.

Affected Version(s)

Mautic >= 1.0.2 < 1.0.2

Mautic >5.0.0 < 5.0.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Feb 22, 2022

Collectors

NVD DatabaseMitre Database

Credit

infosec-it-init

Lenon Leite

Avikarsha Saha

John Linhart