GHSA-mgv8-w49f-822w

Published: 12 Apr 2024
Source: github
GitHub: Reviewed
CVSS3: 6.5

Description

Mautic: MST-48 Server-Side Request Forgery in Asset section

Impact

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

None

References

If you have any questions or comments about this advisory:

Email us at security@mautic.org

Packages

Name: mautic/core (composer)
Affected versions: >= 1.0.0-beta4, < 4.4.12
Fixed version: 4.4.12

Name: mautic/core (composer)
Affected versions: >= 5.0.0-alpha, < 5.0.4
Fixed version: 5.0.4

EPSS

Percentile: 34%
Score: 0.00138 (Low)

CVSS3: 6.5 Medium

Weaknesses

CWE-918

Related vulnerabilities

CVSS3: 6.5
Source: nvd
More than 1 year ago

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
