CVE-2022-25776

Medium

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from…

Mautic·CWE-276·Published 2024-04-12

CVSS

6.5

EPSS

0.00

KEV

Exploits

cve.orgen

251 chars

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

NVDen

251 chars

OSV.deven

413 chars

### Impact Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. ### Patches Update to 4.4.12 and 5.0.4 ### Workarounds No ### References https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure

GHSAen

413 chars

NVDes

261 chars

Antes de la versión parcheada, los usuarios registrados de Mautic podían acceder a áreas de la aplicación a las que no deberían tener acceso. Los usuarios podrían acceder a datos confidenciales como nombres y apellidos, nombres de empresas y nombres artísticos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.3	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	8.3	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
3.1	Secondary	NVD	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H