GHSA-5hc5-fxr9-5frc: Duplicate Advisory: Mautic has insufficient authentication in upgrade flow

September 19, 2024 (updated February 21, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.

Original Description

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn’t shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

References

github.com/advisories/GHSA-5hc5-fxr9-5frc
github.com/mautic/mautic
github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
nvd.nist.gov/vuln/detail/CVE-2022-25770

Detect and mitigate GHSA-5hc5-fxr9-5frc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →