CVE-2024-47055

Published: May 28, 2025

Modified: May 29, 2025

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

Vendor	Product	Versions
Mautic	Mautic	affected `> 5.0.0 - < < 5.2.6, < 6.0.2`

Weaknesses (CWE)

CWE-862

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-47055

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References