GHSA-mgv8-w49f-822w

Source

https://github.com/advisories/GHSA-mgv8-w49f-822w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mgv8-w49f-822w/GHSA-mgv8-w49f-822w.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-mgv8-w49f-822w

Aliases

CVE-2022-25777

Published

2024-04-12T21:25:18Z

Modified

2024-09-18T19:08:42.991736Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

Mautic: MST-48 Server-Side Request Forgery in Asset section

Details

Impact

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Patches

Update to 4.4.12 or 5.0.4

Workarounds

None

References

https://owasp.org/Top10/A102021-Server-SideRequestForgery%28SSRF%29/

If you have any questions or comments about this advisory:

Email us at security@mautic.org

Database specific

{
    "github_reviewed_at": "2024-04-12T21:25:18Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ],
    "nvd_published_at": "2024-09-18T16:15:04Z"
}

References

Affected packages

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0-beta4

Fixed

4.4.12

Affected versions

1.*

1.0.0-beta4

1.0.0-rc1

1.0.0-rc2

1.0.0-rc3

1.0.0-rc4

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0-beta1

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.3.0

1.3.1

1.4.0

1.4.1

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.2.0

2.2.1

2.3.0

2.4.0

2.5.0

2.5.1

2.6.0

2.6.1

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.9.0-beta

2.9.0

2.9.1

2.9.2

2.10.0-beta

2.10.0

2.10.1

2.11.0-beta

2.11.0

2.12.0-beta

2.12.0

2.12.1-beta

2.12.1

2.12.2-beta

2.12.2

2.13.0-beta

2.13.0

2.13.1

2.14.0-beta

2.14.0

2.14.1-beta

2.14.1

2.14.2-beta

2.14.2

2.15.0-beta

2.15.0

2.15.1-beta

2.15.1

2.15.2-beta

2.15.2

2.15.3-beta

2.15.3

2.16.0-beta

2.16.0

2.16.1-beta

2.16.1

2.16.2-beta

2.16.2

2.16.3-beta

2.16.3

2.16.4

2.16.5

3.*

3.0.0-alpha

3.0.0-beta

3.0.0-beta2

3.0.0

3.0.1

3.0.2-rc

3.0.2

3.1.0-rc

3.1.0

3.1.1-rc

3.1.1

3.1.2-rc

3.1.2

3.2.0-rc

3.2.0

3.2.1

3.2.2-rc

3.2.2

3.2.3

3.2.4

3.2.5-rc

3.2.5

3.3.0-rc

3.3.0

3.3.1

3.3.2-rc

3.3.2

3.3.3-rc

3.3.3

3.3.4

3.3.5

4.*

4.0.0-alpha1

4.0.0-beta

4.0.0-rc

4.0.0

4.0.1

4.0.2

4.1.0

4.1.1

4.1.2

4.2.0-rc

4.2.0-rc1

4.2.0

4.2.1

4.2.2

4.3.0-beta

4.3.0-rc

4.3.0

4.3.1

4.4.0-beta

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.4.9

4.4.10

4.4.11

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mgv8-w49f-822w/GHSA-mgv8-w49f-822w.json"

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0-alpha

Fixed

5.0.4

Affected versions

5.*

5.0.0-alpha

5.0.0-alpha1

5.0.0-beta1

5.0.0-beta2

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mgv8-w49f-822w/GHSA-mgv8-w49f-822w.json"