The logic that handles the update process via the user interface lacks access control to verify that the requester has permission to perform the tasks. Prior to this patch being applied, it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
History
Thu, 19 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 18 Sep 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required. | |
Title | Improper Access Control in UI upgrade process | |
Weaknesses | CWE-287 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2024-09-18T20:55:53.187Z
Updated: 2024-09-19T15:42:44.517Z
Reserved: 2022-02-22T20:17:36.803Z
Link: CVE-2022-25768
Vulnrichment
Updated: 2024-09-19T15:42:40.881Z
NVD
Status: Awaiting Analysis
Published: 2024-09-18T21:15:12.860
Modified: 2024-09-20T12:30:17.483
Link: CVE-2022-25768
Redhat
No data.