CVE-2022-25768
Published 2024-09-18
Priority: P337 · Severity: medium · CVSS 3.1 base score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.29% (20.6th percentile)
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | >= 1.1.3 < 4.4.13 | 4.4.13 |
| acquia | mautic | >= 5.0.0 < 5.1.1 | 5.1.1 |
| mautic | core | >= 1.1.3 < 4.4.13 | 4.4.13 |
| mautic | core | >= 5.0.0-alpha < 5.1.1 | 5.1.1 |
| mautic | core-lib | >= 1.1.3 < 4.4.13 | 4.4.13 |
| mautic | core-lib | >= 5.0.0-alpha < 5.1.1 | 5.1.1 |
| mautic | mautic | >= 1.1.3 < 4.4.13 | 4.4.13 |
| mautic | mautic | >= 5.0.0 < 5.1.1 | 5.1.1 |
OSV
osv · 2024-09-18
CVE-2022-25768 [HIGH] Mautic vulnerable to Improper Access Control in UI upgrade process
### Impact
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
### Patches
Upgrade to 4.4.13 or 5.1.1 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])
GHSA
ghsa · 2024-09-18
CVE-2022-25768 [HIGH] CWE-284 Mautic vulnerable to Improper Access Control in UI upgrade process
The GHSA advisory text is identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.