CVE-2022-25777
Published 2024-09-18
Priority: P3 (38)
Severity: medium, CVSS 3.1 base score 6.5
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (network-reachable, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, no integrity or availability impact)
EPSS: 0.45% (35.5th percentile)
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | — | — |
| acquia | mautic | >= 1.0.1 < 4.4.12 | 4.4.12 |
| acquia | mautic | >= 5.0.0 < 5.0.4 | 5.0.4 |
| mautic | core | >= 1.0.0-beta4 < 4.4.12 | 4.4.12 |
| mautic | core | >= 5.0.0-alpha < 5.0.4 | 5.0.4 |
| mautic | mautic | > 5.0.0 < 5.0.4 | 5.0.4 |
| mautic | mautic | >= 1.0.0-beta4 < 4.4.12 | 4.4.12 |
GHSA (published 2024-04-12)
CVE-2022-25777 [MEDIUM] CWE-918 Mautic: MST-48 Server-Side Request Forgery in Asset section
### Impact
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
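The two outcomes the advisory names, reading system files and reaching internal addresses, map onto the two checks a server-side fetcher needs: a scheme allowlist, so that a `file://` URL never reaches the fetch, and an address check on what the hostname actually resolves to, so that loopback, RFC 1918, link-local and cloud-metadata destinations are refused even when they are hidden behind a DNS name or an IPv4-mapped IPv6 literal. The Python below is an added example and not Mautic's code (Mautic is PHP, and the advisory does not name the vulnerable parameter or endpoint); the function names, the `FAKE_DNS` table and every sample URL are constructed for illustration.

```python
"""Outbound-URL validation against the two SSRF outcomes in the advisory:
local file reads and requests to internal addresses.

Added example, not Mautic's code. It assumes a feature that takes a
user-supplied URL and fetches it server-side; names and inputs are invented.
"""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server must never fetch on a user's behalf.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",           # link-local, includes cloud metadata 169.254.169.254
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

Resolver = Callable[[str], Iterable[str]]


class UnsafeURL(ValueError):
    """Raised for any URL the server must not fetch."""


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer for host via the OS resolver (needs network for names)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(addr_text: str) -> bool:
    """True for loopback, private, link-local or otherwise non-routable addresses.
    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped so it cannot dodge the IPv4 ranges."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_outbound_url(url: str, resolve: Resolver = system_resolver) -> list[str]:
    """Return the addresses the fetch may connect to, or raise UnsafeURL.

    The caller should connect to one of the returned addresses (pinning the
    answer) rather than resolving the name again, so a rebinding DNS answer
    cannot swap in an internal address between check and use.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:                     # malformed bracketed host etc.
        raise UnsafeURL("unparseable URL") from exc
    if parts.scheme not in ALLOWED_SCHEMES:      # rejects file:///etc/passwd, gopher:, ...
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials embedded in URL")
    host = parts.hostname                         # lower-cased, brackets stripped from [::1]
    if not host:
        raise UnsafeURL("no host in URL")
    try:
        answers = list(resolve(host))
    except (socket.gaierror, UnicodeError) as exc:
        raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not answers:
        raise UnsafeURL(f"{host!r} has no addresses")
    for answer in answers:
        try:
            internal = is_internal(answer)
        except ValueError as exc:                 # resolver handed back a non-address
            raise UnsafeURL(f"bad resolver answer {answer!r}") from exc
        if internal:                              # one internal answer taints the whole name
            raise UnsafeURL(f"{host!r} resolves to internal address {answer}")
    return answers


def check(url: str, resolve: Resolver = system_resolver) -> tuple[bool, str]:
    """Non-raising wrapper: (allowed, resolved addresses or rejection reason)."""
    try:
        return True, ", ".join(validate_outbound_url(url, resolve))
    except UnsafeURL as exc:
        return False, str(exc)


# Constructed DNS table so the demo runs offline; literal IPs resolve to themselves.
FAKE_DNS = {
    "cdn.example": ["203.0.113.10"],
    "intranet.example": ["10.0.0.5"],
    "dual.example": ["203.0.113.10", "192.168.1.1"],
}


def fake_resolver(host: str) -> list[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        raise socket.gaierror(-2, f"Name or service not known: {host}")


if __name__ == "__main__":
    for sample in (
        "https://cdn.example/brochure.pdf",           # legitimate remote asset
        "file:///etc/passwd",                         # local file read
        "http://127.0.0.1:8080/admin",                # loopback service
        "http://169.254.169.254/latest/meta-data/",   # cloud metadata endpoint
        "http://[::ffff:127.0.0.1]/",                 # mapped-IPv6 loopback bypass attempt
        "http://intranet.example/",                   # name resolving to RFC 1918 space
        "http://dual.example/",                       # mixed public and internal answers
        "http://user:pw@cdn.example/",                # credential smuggling
    ):
        ok, detail = check(sample, fake_resolver)
        print(f"{'ALLOW' if ok else 'BLOCK':5} {sample:45} {detail}")
```

Returning the resolved addresses and connecting to one of them, instead of re-resolving inside the HTTP client, is what closes the rebinding gap; a client that follows redirects must run the same check on every `Location` target, which the wrapper above leaves to the caller. None of this replaces the upgrade the advisory calls for; it is the input-side control a server-side fetcher should have had in the first place.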
### Patches
Update to 4.4.12 (4.x branch) or 5.0.4 (5.x branch).
### Workarounds
None
### References
- https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
If you have any questions or comments about this advisory:
Email us at [[email protected]](mailto:[email protected])
OSV (published 2024-04-12)
CVE-2022-25777 [MEDIUM] Mautic: MST-48 Server-Side Request Forgery in Asset section
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-18