CVE-2022-25770

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | HIGH | NONE | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
| Mautic | CNA | 7.8 HIGH | LOCAL | HIGH | NONE | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score Percentile: 23%

| Vendor | Product | Version |
|---|---|---|
| acquia | mautic | 1.0.1 ≤ 𝑥 < 4.4.13 |
| acquia | mautic | 5.0.0 ≤ 𝑥 < 5.1.1 |
| acquia | mautic | 1.0.0 |
| acquia | mautic | 1.0.0:beta3 |
| acquia | mautic | 1.0.0:beta4 |
| acquia | mautic | 1.0.0:rc1 |
| acquia | mautic | 1.0.0:rc2 |
| acquia | mautic | 1.0.0:rc3 |
| acquia | mautic | 1.0.0:rc4 |

𝑥 = Vulnerable software versions