In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx | Exploit Third Party Advisory |
Configurations
History
29 Jul 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
27 Mar 2021, 02:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CWE | CWE-732 | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
CWE | CWE-732 | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CWE | CWE-732 | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
References | (MISC) https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* |
23 Mar 2021, 22:11
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CWE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE |
23 Mar 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-23 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27908
Mitre link : CVE-2021-27908
CVE.ORG link : CVE-2021-27908
JSON object : View
Products Affected
acquia
- mautic