Опубликовано: 19 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 7.4
CVSS3: 7.8
Описание
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.
Original Description
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Пакеты
Наименование
mautic/core
composer
Затронутые версииВерсия исправления
>= 1.0.0-beta3, < 4.4.13
4.4.13
Наименование
mautic/core
composer
Затронутые версииВерсия исправления
>= 5.0.0, < 5.1.1
5.1.1
7.4 High
CVSS4
7.8 High
CVSS3
Дефекты
CWE-306
7.4 High
CVSS4
7.8 High
CVSS3
Дефекты
CWE-306