CVE-2021-27908

Incorrect Permission Assignment for Critical Resource in packagist/mautic/core

Identifier

CVE-2021-27908

Package Slug

packagist/mautic/core

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

An authorized admin user could publicly expose secret parameters, such as database credentials, by using Symfony parameter syntax in any of the free-text fields in Mautic's configuration that are used in publicly facing parts of the application.

Affected Versions

All versions before 3.3.2

Solution

Upgrade to version 3.3.2 or above.

Last Modified

2021-03-29
