CVE-2017-1000489
Published 2018-01-03
CVE-2017-1000489: Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using their email address
Priority: P3 (38) · high · 8.1 (CVSS 3.0)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.12% (62.0th percentile)
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using their email address.
Affected
27 ranges listed (25 shown)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | — | — |
| mautic | core | >= 2.0.0 < 2.12.0 | 2.12.0 |
| mautic | mautic | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
OSV
Disabled users able to log in with third party SSO plugin
osv · 2021-01-19 · CVE-2017-1000489 [HIGH]
### Impact
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using their email address.
### Patches
Upgrade to 2.12.0 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])
GHSA
Disabled users able to log in with third party SSO plugin
ghsa · 2021-01-19 · CVE-2017-1000489 [HIGH] · CWE-287
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-01-03