CVE-2024-47055
Last modified
CVE-2024-47055 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Acquia | Mautic | >= 5.0.0, < 5.2.6 |
| Acquia | Mautic | >= 6.0.0, < 6.0.2 |
References
- https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-47055?
How severe is CVE-2024-47055?
How do I fix CVE-2024-47055?
Are you affected by CVE-2024-47055?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST