Mautic Docker Images Information Disclosure Vulnerability

Vulnerability

A moderate information disclosure vulnerability has been identified in the Mautic Docker images, specifically in versions prior to 6.0.3-20250707-apache, 6.0.3-20250707-fpm, and 5.2.7-20250707-apache and 5.2.7-20250707-fpm. The issue originates in the PHP base image the Mautic images are built on, which exposes the PHP version in an X-Powered-By response header. Attackers could use this information to fingerprint the server and identify potential weaknesses.

Impact

Exploitation of this vulnerability results in information disclosure, specifically of the PHP version, which could be used to fingerprint the server and identify applicable vulnerabilities.

Remediation

To mitigate this vulnerability, change the 'expose_php' directive from 'On' to 'Off' in the php.ini file located in '/usr/local/etc/php/'.
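The following is an added example, not code from the advisory or from the Mautic project. It shows the two checks a defender would want: a function that detects the disclosure in a captured HTTP response header block, and a function that rewrites (or appends) the expose_php directive in a php.ini file passed as an argument. The header block and the php.ini contents used in the demo are constructed; the path to the real file inside an image (per the advisory, under /usr/local/etc/php/) is supplied by the caller, and nothing here assumes it exists on the machine running the script.

```shell
#!/bin/sh
# Added example (not part of the advisory). Detect PHP version disclosure via
# X-Powered-By and set expose_php = Off in a php.ini file.

# Return 0 (true) if the given raw header block discloses a PHP version
# through an X-Powered-By header, 1 otherwise. Matching is case-insensitive
# on the header name, as HTTP header names are.
leaks_php_version() {
    printf '%s\n' "$1" | grep -i -q '^X-Powered-By:[[:space:]]*PHP/'
}

# Print the effective value of expose_php in a php.ini ("On", "Off", ...),
# or "unset" if the directive is absent. Commented lines (";expose_php")
# do not match because the pattern anchors at the start of the line.
expose_php_value() {
    awk -F= '
        tolower($1) ~ /^[[:space:]]*expose_php[[:space:]]*$/ {
            gsub(/[[:space:]]/, "", $2); v = $2
        }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Set expose_php = Off in the php.ini given as $1. An existing directive is
# rewritten in place (a .bak copy is kept); a missing one is appended.
harden_expose_php() {
    ini="$1"
    if grep -q '^[[:space:]]*expose_php[[:space:]]*=' "$ini"; then
        sed -i.bak -E 's/^([[:space:]]*expose_php[[:space:]]*=).*/\1 Off/' "$ini"
    else
        printf 'expose_php = Off\n' >> "$ini"
    fi
}

# --- Demo on constructed data ---------------------------------------------

# Constructed header block resembling what a vulnerable image returns.
VULNERABLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.4.62 (Debian)
X-Powered-By: PHP/8.2.0
Content-Type: text/html; charset=UTF-8'

if leaks_php_version "$VULNERABLE_HEADERS"; then
    echo "PHP version disclosed via X-Powered-By"
fi

# Constructed php.ini with the weak setting, hardened in a temp file.
demo_ini=$(mktemp)
printf 'memory_limit = 128M\nexpose_php = On\n' > "$demo_ini"
echo "before: expose_php = $(expose_php_value "$demo_ini")"
harden_expose_php "$demo_ini"
echo "after:  expose_php = $(expose_php_value "$demo_ini")"
rm -f "$demo_ini" "$demo_ini.bak"
```

To apply the fix in an image build, run harden_expose_php against the php.ini the advisory names (for example, as a RUN step after copying the script in) and then re-check a live response with leaks_php_version on the output of curl -sI; both the file path and the curl invocation are assumptions about your deployment, not part of the advisory. Note that removing the header only reduces fingerprinting; it does not change the PHP version actually running, so the image update remains the primary fix.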

Added: Jul 9, 2025, 4:16 PM
Updated: Jul 9, 2025, 4:16 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 8.3
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.