CVE-2021-27916
Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
*Credits:
Mattias Michaux, Lenon Leite, Adrian Schimpf, Avikarsha Saha, John Linhart
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-03-02 CVE Reserved
- 2024-09-17 CVE Published
- 2024-09-18 CVE Updated
- 2024-10-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-139: Relative Path Traversal
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mautic Search vendor "Mautic" | Mautic Search vendor "Mautic" for product "Mautic" | <= 4.4.11 Search vendor "Mautic" for product "Mautic" and version " <= 4.4.11" | en |
Affected
| ||||||
| Mautic Search vendor "Mautic" | Mautic Search vendor "Mautic" for product "Mautic" | <= 5.0.3 Search vendor "Mautic" for product "Mautic" and version " <= 5.0.3" | en |
Affected
| ||||||