SB2024041525 - Multiple vulnerabilities in Mautic

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Stored cross-site scripting (CVE-ID: CVE-2021-27915)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the description fields within the Mautic application. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Path traversal (CVE-ID: CVE-2021-27916)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Mautic (GrapesJS). A remote user can send a specially crafted HTTP request and delete arbitrary files on the system.

3) SQL injection (CVE-ID: CVE-2022-25775)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in dynamic Reports. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

4) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-25777)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in Asset section. A remote administrator can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

5) Cross-site scripting (CVE-ID: CVE-2022-25774)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Notifications within saving Dashboards. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

6) Information disclosure (CVE-ID: CVE-2022-25776)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to inadequate user permission settings. A remote user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
• https://github.com/mautic/mautic/releases/tag/5.0.4
• https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p
• https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94
• https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
• https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f
• https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8