CVE-2021-27908: Mautic vulnerable to secret data exfiltration via Symfony parameters

CVSS Score: 5.8 (CVSS 3.1)

Basic Information
CVE ID: CVE-2021-27908
GHSA ID:
EPSS Score: 0.30054%
CWE:
Published: 4/6/2021
Updated: 2/5/2024
KEV Status: No
Technology: PHP

Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
mautic/core | composer | < 3.3.2 | 3.3.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two mechanisms working together: 1) the configuration system's parameter merging, which accepts untrusted input containing parameter references, and 2) the template rendering system, which resolves those references in public-facing contexts. Configurator::mergeParameters is vulnerable because it allows parameter injection through user-controlled fields. TwigExtension::getParameter is vulnerable because it resolves parameters in templates without proper access controls. Together, these functions form a chain that allows admin users to exfiltrate secrets through parameter interpolation in public outputs.
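The following is an added illustration, not Mautic's or Symfony's code: a minimal model of Symfony-style %name% parameter resolution, showing why a merge that stores a submitted value verbatim lets a reference in that value resolve to a secret, and a hardened merge that escapes the value (Symfony's %% escape for a literal percent sign) and allow-lists the editable keys. The parameter names, values and the helper functions are constructed for the example.

```php
<?php
// Added example, not Mautic's code: models Symfony-style "%name%" parameter
// resolution to contrast an unsafe merge with a hardened one.

// Constructed parameter bag; the secret is a placeholder value.
$parameters = [
    'mailer_password' => 'PLACEHOLDER_SECRET',
    'site_name'       => 'Example Site',
];

// Resolve "%name%" references the way a parameter bag does; "%%" is the
// Symfony escape for a literal percent sign and is never treated as a reference.
function resolveValue(string $value, array $parameters): string
{
    return preg_replace_callback('/%%|%([^%\s]+)%/', function (array $m) use ($parameters) {
        if ($m[0] === '%%') {
            return '%';
        }
        return $parameters[$m[1]] ?? $m[0];
    }, $value);
}

// Unsafe merge: the submitted value is stored as-is, so any "%name%" inside it
// becomes a live reference the next time the parameter is resolved.
function mergeParametersUnsafe(array $parameters, array $submitted): array
{
    return array_merge($parameters, $submitted);
}

// Hardened merge (hypothetical mitigation): only allow-listed keys are accepted,
// and every "%" in a submitted string is escaped so it can never be interpreted
// as a parameter reference when the value is later resolved.
function mergeParametersHardened(array $parameters, array $submitted, array $allowedKeys): array
{
    foreach ($submitted as $key => $value) {
        if (!in_array($key, $allowedKeys, true)) {
            continue; // unknown keys are dropped rather than merged
        }
        $parameters[$key] = is_string($value) ? str_replace('%', '%%', $value) : $value;
    }
    return $parameters;
}

// Constructed input: an editable field whose value is itself a parameter reference.
$submitted = ['site_name' => '%mailer_password%'];

$unsafe   = mergeParametersUnsafe($parameters, $submitted);
$hardened = mergeParametersHardened($parameters, $submitted, ['site_name']);

echo resolveValue($unsafe['site_name'], $unsafe), "\n";     // resolves to the secret
echo resolveValue($hardened['site_name'], $hardened), "\n"; // reference stays inert text
```

A practical check on an existing deployment is to scan stored configuration values for unescaped %name% patterns that match known parameter keys, since those are exactly the values the hardened merge would have neutralised.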