CVE-2021-27916: Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)
First published: Fri Apr 12 2024(Updated: )
### Impact Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. ### Patches Update to 4.4.12 or 5.0.4. ### Workarounds No ### References - https://cwe.mitre.org/data/definitions/23.html - https://cwe.mitre.org/data/definitions/22.html - https://attack.mitre.org/techniques/T1630/002/ ### For more information If you have any questions or comments about this advisory: Email us at [security@mautic.org](mailto:security@mautic.org)
Credit: security@mautic.org security@mautic.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/mautic/core | >=5.0.0-alpha<5.0.4 | 5.0.4 |
| composer/mautic/core | >=3.3.0<4.4.12 | 4.4.12 |
| Mautic | >=3.3.0<4.4.12 | |
| Mautic | >=5.0.0<5.0.4 |
Remedy
Upgrade to 4.4.12 or 5.0.4 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p
- https://github.com/mautic/mautic/commit/546045ff9c74dd8b3dac36c4ab3674380262c65a
- https://github.com/mautic/mautic/commit/95e8df3ae6730c725f1848d70e7992da369518f3
- https://github.com/advisories/GHSA-9fcx-cv56-w58p (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-27916
Frequently Asked Questions
What is the severity of CVE-2021-27916?
CVE-2021-27916 is classified as a significant vulnerability due to the potential for arbitrary file deletion by logged-in users.
How do I fix CVE-2021-27916?
To fix CVE-2021-27916, upgrade to Mautic version 5.0.4 or later, or version 4.4.12 or later.
Who is affected by CVE-2021-27916?
Users of the Mautic application prior to versions 5.0.4 and 4.4.12 are affected by CVE-2021-27916.
What types of files can be deleted due to CVE-2021-27916?
CVE-2021-27916 allows logged-in users to delete various files outside of specified media folders, including system files and libraries.
What functionality is impacted by CVE-2021-27916?
CVE-2021-27916 impacts the file management functionality of Mautic, enabling unauthorized deletion of files by users.
- agent/first-publish-date
- agent/title
- agent/remedy
- agent/type
- agent/description
- agent/severity
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9fcx-cv56-w58p
- alias/CVE-2021-27916
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/composer
- vendor/acquia
- canonical/mautic
- version/mautic/3.3.0
- version/mautic/5.0.0