fkie_nvd - fkie_cve-2017-1000489

fkie_cve-2017-1000489

Vulnerability from fkie_nvd

Published

2018-01-03 17:29

Modified

2024-11-21 03:04

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

References

▶	URL	Tags
	cve@mitre.org	https://github.com/mautic/mautic/releases/tag/2.12.0	Issue Tracking, Mitigation, Release Notes, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/mautic/mautic/releases/tag/2.12.0	Issue Tracking, Mitigation, Release Notes, Third Party Advisory

Impacted products

Vendor	Product	Version
acquia	mautic	2.0.0
acquia	mautic	2.0.1
acquia	mautic	2.1.0
acquia	mautic	2.1.1
acquia	mautic	2.2.0
acquia	mautic	2.2.1
acquia	mautic	2.3.0
acquia	mautic	2.4.0
acquia	mautic	2.5.0
acquia	mautic	2.5.1
acquia	mautic	2.6.0
acquia	mautic	2.6.1
acquia	mautic	2.7.0
acquia	mautic	2.7.1
acquia	mautic	2.8.0
acquia	mautic	2.8.1
acquia	mautic	2.8.2
acquia	mautic	2.9.0
acquia	mautic	2.9.1
acquia	mautic	2.10.0
acquia	mautic	2.10.1
acquia	mautic	2.11.0
mautic	mautic	2.9.0
mautic	mautic	2.9.2
mautic	mautic	2.10.0
mautic	mautic	2.11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3570E4D0-3F19-4343-B8D6-570693C231BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183F886-F921-4B41-B4F4-BCADD1D82490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
    },
    {
      "lang": "es",
      "value": "Mautic, de la versi\u00f3n 2.0.0 a la 2.11.0, con un plugin SSO instalado podr\u00eda permitir que un usuario deshabilitado pueda seguir iniciando sesi\u00f3n mediante una direcci\u00f3n de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2017-1000489",
  "lastModified": "2024-11-21T03:04:51.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-03T17:29:00.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-1000489 (GCVE-0-2017-1000489)

Vulnerability from cvelistv5

Published

2018-01-03 17:00

Modified

2024-09-17 00:42

Severity ?

CWE

Summary

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

References

►

URL

Tags

https://github.com/mautic/mautic/releases/tag/2.12.0

x_refsource_CONFIRM