Skip to content

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder

High severity GitHub Reviewed Published Apr 11, 2024 in mautic/mautic • Updated Apr 12, 2024

Package

composer mautic/core (Composer)

Affected versions

>= 3.3.0, < 4.4.12
>= 5.0.0-alpha, < 5.0.4

Patched versions

4.4.12
5.0.4

Description

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.

This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

Patches

Update to 4.4.12 or 5.0.4.

Workarounds

No

References

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

References

@RCheesley RCheesley published to mautic/mautic Apr 11, 2024
Published to the GitHub Advisory Database Apr 12, 2024
Reviewed Apr 12, 2024
Last updated Apr 12, 2024

Severity

High
8.1
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Weaknesses

CVE ID

CVE-2021-27916

GHSA ID

GHSA-9fcx-cv56-w58p

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.