CVE-2022-25770

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25770

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25770.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25770

Aliases

GHSA-qf6m-6m4g-rmrc

Published

2024-09-18T22:15:03.827Z

Modified

2026-02-13T08:48:30.711662Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

References

https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type: GIT
Repo: https://github.com/mautic/mautic
Events: Introduced

96b53794017cde917e1e4262ebaaae5099e3586a

Fixed

8fa5a716b3082edb6bf3f2c10ab8025729d95a9c

Introduced

e8f705b9c1990077aa944ef2aaf5b705591bfe05

Fixed

181701cd7ca43122c151e8a46700b223379fa8d1

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.2.0-beta1

1.2.1

1.2.2

1.2.3

1.2.4

1.3.0

1.3.1

1.4.0

1.4.1

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.10.0

2.10.0-beta

2.10.1

2.11.0

2.12.0

2.12.1

2.12.2

2.12.2-beta

2.13.0

2.13.1

2.14.0

2.14.0-beta

2.14.1

2.14.1-beta

2.14.2

2.14.2-beta

2.15.0

2.15.1

2.15.1-beta

2.15.2-beta

2.15.3-beta

2.16.0-beta

2.16.2

2.16.2-beta

2.2.0

2.2.1

2.3.0

2.4.0

2.5.0

2.5.1

2.6.0

2.6.1

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.9.0

2.9.1

2.9.2

3.*

3.0.0

3.0.0-8885

3.0.0-alpha

3.0.0-beta

3.0.0-beta2

3.0.1

3.0.2

3.0.2-rc

3.1.0

3.1.0-rc

3.1.1

3.1.1-rc

3.1.2

3.1.2-rc

3.2.0

3.2.0-rc

3.2.1

3.2.2

3.2.2-rc

3.2.3

3.2.4

3.2.5-rc

3.3.0-rc

3.3.2

3.3.2-rc

4.*

4.0.0

4.0.0-alpha1

4.0.0-beta

4.0.0-rc

4.1.0

4.1.1

4.1.2

4.2.0

4.3.0

4.3.0-beta

4.3.0-rc

4.3.1

4.4.0

4.4.0-beta

4.4.1

4.4.10

4.4.11

4.4.12

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.4.9

5.*

5.0.0

5.0.1

5.0.2

5.1.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25770.json"