Headline
GHSA-5hc5-fxr9-5frc: Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2022-25770
Mautic has insufficient authentication in upgrade flow
High severity GitHub Reviewed Published Sep 19, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024
Package
Affected versions
>= 1.0.0-beta3, < 4.4.13
>= 5.0.0, < 5.1.1
Patched versions
4.4.13
5.1.1
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
References
- GHSA-qf6m-6m4g-rmrc
- https://nvd.nist.gov/vuln/detail/CVE-2022-25770
Published to the GitHub Advisory Database
Sep 19, 2024
Last updated
Sep 19, 2024