Headline
GHSA-qf6m-6m4g-rmrc: Mautic has insufficient authentication in upgrade flow
Impact
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable
Patches
Please upgrade to 4.4.1 or 5.1.1 or later.
Workarounds
None.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-47051
Mautic has insufficient authentication in upgrade flow
High severity GitHub Reviewed Published Sep 18, 2024 in mautic/mautic • Updated Sep 18, 2024
Package
Affected versions
>= 1.0.0-beta3, < 4.4.13
>= 5.0.0-alpha, < 5.1.1
Patched versions
4.4.13
5.1.1
>= 1.0.0-beta3, < 4.4.13
>= 5.0.0-alpha, < 5.1.1
Impact
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable
Patches
Please upgrade to 4.4.1 or 5.1.1 or later.
Workarounds
None.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
References
- GHSA-qf6m-6m4g-rmrc
- mautic/mautic@73b18e9
- mautic/mautic@aee7bfb
Published to the GitHub Advisory Database
Sep 18, 2024
Last updated
Sep 18, 2024