Sensitive Data Access Vulnerability in Mautic

CVE-2022-25776

6.5MEDIUM

Key Information

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 18 September 2024

Summary

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

Affected Version(s)

Mautic < 1.0.2

Mautic < 5.0.0

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 18, 2024
Vulnerability Reserved.
Feb 22, 2022

Collectors

NVD DatabaseMitre Database

Credit

infosec-it-init

Lenon Leite

Avikarsha Saha

John Linhart