Prior to the patched version, logged-in users of Mautic could exploit a Relative Path Traversal / Arbitrary File Deletion vulnerability. Regardless of their level of access, they could delete files outside the media folders, such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
History

Wed, 02 Oct 2024 14:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Acquia, Acquia mautic |
| CPEs | | `cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Acquia, Acquia mautic |

Tue, 17 Sep 2024 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Tue, 17 Sep 2024 14:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Prior to the patched version, logged-in users of Mautic could exploit a Relative Path Traversal / Arbitrary File Deletion vulnerability. Regardless of their level of access, they could delete files outside the media folders, such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. |
| Title | | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2024-09-17T14:20:03.550Z

Updated: 2024-09-18T21:29:42.899Z

Reserved: 2021-03-02T15:53:50.859Z

Link: CVE-2021-27916

Vulnrichment

Updated: 2024-09-17T15:57:22.037Z

NVD

Status: Analyzed

Published: 2024-09-17T15:15:11.967

Modified: 2024-10-02T14:29:42.407

Link: CVE-2021-27916

Redhat

No data.