Moderate severityNVD Advisory· Published Sep 18, 2024· Updated Sep 18, 2024
Server-Side Request Forgery in Asset section
CVE-2022-25777
Description
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | >= 1.0.0-beta4, < 4.4.12 | 4.4.12 |
mautic/corePackagist | >= 5.0.0-alpha, < 5.0.4 | 5.0.4 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-mgv8-w49f-822wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25777ghsaADVISORY
- github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0ghsaWEB
- github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2ghsaWEB
- github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822wghsaWEB
News mentions
0No linked articles in our index yet.