CVE-2022-25770: Mautic has insufficient authentication in upgrade flow
(updated )
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable
References
- github.com/advisories/GHSA-qf6m-6m4g-rmrc
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
- github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
- github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
- nvd.nist.gov/vuln/detail/CVE-2022-25770
Code Behaviors & Features
Detect and mitigate CVE-2022-25770 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →