Prior to the patched version, logged-in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of their level of access, a Mautic user could delete files outside the media folders, such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
History
Wed, 02 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Acquia, Acquia mautic | |
CPEs | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
Vendors & Products | Acquia, Acquia mautic | |
Tue, 17 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 17 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. | |
Title | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | |
Weaknesses | CWE-22 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2024-09-17T14:20:03.550Z
Updated: 2024-09-18T21:29:42.899Z
Reserved: 2021-03-02T15:53:50.859Z
Link: CVE-2021-27916
Vulnrichment
Updated: 2024-09-17T15:57:22.037Z
NVD
Status: Analyzed
Published: 2024-09-17T15:15:11.967
Modified: 2024-10-02T14:29:42.407
Link: CVE-2021-27916
Redhat
No data.