CVE-2022-25777: Mautic: MST-48 Server-Side Request Forgery in Asset section
(updated )
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
References
- github.com/advisories/GHSA-mgv8-w49f-822w
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0
- github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2
- github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
- nvd.nist.gov/vuln/detail/CVE-2022-25777
Detect and mitigate CVE-2022-25777 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →