CVE-2022-25776: Mautic Sensitive Data Exposure due to inadequate user permission settings
Prior to the patched version, logged-in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
References
- github.com/advisories/GHSA-qjx3-2g35-6hv8
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd
- github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644
- github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8
- nvd.nist.gov/vuln/detail/CVE-2022-25776