Prior to the patched version, logged-in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
History

Tue, 24 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Acquia
Acquia mautic
CPEs cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
Vendors & Products Acquia
Acquia mautic

Wed, 18 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 15:15:00 +0000

Type Values Removed Values Added
Description Prior to the patched version, logged-in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
Title Sensitive Data Exposure due to inadequate user permission settings
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2024-09-18T15:06:54.543Z

Updated: 2024-09-18T21:31:01.738Z

Reserved: 2022-02-22T20:17:36.805Z

Link: CVE-2022-25776

Vulnrichment

Updated: 2024-09-18T15:59:00.957Z

NVD

Status: Analyzed

Published: 2024-09-18T15:15:13.620

Modified: 2024-09-24T15:19:46.117

Link: CVE-2022-25776

Red Hat

No data.