CVE-2021-27908

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

History

29 Jul 2022, 17:04

Type	Values Removed	Values Added
CWE	~~CWE-732~~	CWE-74

Information

Published : 2021-03-23 20:15

Updated : 2024-02-04 21:23

NVD link : CVE-2021-27908

Mitre link : CVE-2021-27908

CVE.ORG link : CVE-2021-27908

JSON object : View

Products Affected

acquia

mautic

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-27908", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security@mautic.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.3}]}, "published": "2021-03-23T20:15:13.310", "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx", "tags": ["Exploit", "Third Party Advisory"], "source": "security@mautic.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "security@mautic.org", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."}, {"lang": "es", "value": "En todas las versiones anteriores a Mautic 3.3.2, par\u00e1metros secretos, como las credenciales de la base de datos, pod\u00edan ser expuestos p\u00fablicamente por un usuario administrador autorizado aprovechando la sintaxis de los par\u00e1metros Symfony en cualquiera de los campos de texto libre en la configuraci\u00f3n de Mautic que son usadas en las partes de la aplicaci\u00f3n de cara al p\u00fablico"}], "lastModified": "2022-07-29T17:04:14.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C98868-2DB4-48C5-8238-3AA1FA7B936B", "versionEndExcluding": "3.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@mautic.org"}