CVE-2022-25770: Mautic has insufficient authentication in upgrade flow

September 19, 2024

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

References

github.com/advisories/GHSA-5hc5-fxr9-5frc
github.com/mautic/mautic
github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
nvd.nist.gov/vuln/detail/CVE-2022-25770

Detect and mitigate CVE-2022-25770 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →