GHSA-438m-6mhw-hq5w

Published: 03 Sep 2025
Source: github
GitHub: Reviewed
CVSS3: 5.5

Description

Mautic vulnerable to secret data extraction via elfinder

Summary

A user with administrator rights can change the configuration of the Mautic application and extract secrets that are not normally available.

Impact

An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Packages

Name: mautic/core (composer)
Affected versions: >= 4.4.0, < 4.4.17
Fixed version: 4.4.17

Name: mautic/core (composer)
Affected versions: >= 5.0.0-alpha, < 5.2.8
Fixed version: 5.2.8

Name: mautic/core (composer)
Affected versions: >= 6.0.0-alpha, < 6.0.5
Fixed version: 6.0.5

EPSS

Percentile: 11%
0.00039
Low

5.5 Medium

CVSS3

Weaknesses

CWE-283

Related vulnerabilities

CVSS3: 5.5
nvd
3 months ago

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
