In all versions of Mautic prior to 3.3.2, an authorized admin user could publicly expose secret parameters, such as database credentials, by using Symfony parameter syntax in any of the free-text fields in Mautic's configuration that are used in public-facing parts of the application.
References
| Link | Resource |
|---|---|
| https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx | Exploit, Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: Mautic
Published: 2021-03-22T00:00:00
Updated: 2021-03-23T19:11:56
Reserved: 2021-03-02T00:00:00
Link: CVE-2021-27908
NVD Information
Status: Analyzed
Published: 2021-03-23T20:15:13.310
Modified: 2022-07-29T17:04:14.773
Link: CVE-2021-27908