In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
Metrics
CVSS Version: 3.1 |
Base Score: 5.8 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* LOW
Weakness Enumeration (CWE)
CWE-ID: CWE-200 CWE Name: CWE-200 Information Exposure Source: Mautic
Common Attack Pattern Enumeration and Classification (CAPEC)