PT-2025-23098

Lenon Leite

Published: 2025-05-28
Updated: 2025-06-02

CVE-2024-47056

CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Mautic (affected versions not specified)

Description: The issue concerns the potential exposure of sensitive information, including database credentials, API keys and other critical system configuration, because the .env configuration file is directly reachable through a web browser. The cause is missing web server configuration restricting access to such files, which allows an unauthenticated attacker to read the contents of the .env file simply by requesting its URL.

Recommendations: Update Mautic to the latest version.
For Apache users: ensure your web server is configured to respect .htaccess files.
For Nginx users: add a block to the Nginx configuration for the Mautic site that denies access to .env files:
location ~ /\.env { deny all; }
After modifying your Nginx configuration, reload or restart the Nginx service for the change to take effect.
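The following server block is an added example, not part of this advisory or of the Mautic project, showing where the deny rule sits in a complete Nginx site configuration and why its absence exposes the file. The hostname, document root and PHP-FPM socket path are assumptions; the second deny rule goes beyond the advisory by covering all dotfiles.

```nginx
# Added example, not from the advisory or the Mautic project. Minimal Nginx
# server block for a Mautic site; hostname, root and PHP-FPM socket are assumed.
server {
    listen 80;
    server_name mautic.example.com;      # assumption
    root /var/www/mautic;                # assumption: Mautic document root
    index index.php;

    # Vulnerable state described by CVE-2024-47056: with no rule for /.env,
    # a request for it falls through to "location /", try_files finds the
    # file on disk and Nginx serves it as a static file, disclosing database
    # credentials and API keys. The absence of the block below is the weakness.

    # Hardened: deny the .env file and its variants (.env.local, .env.dist).
    # The dot is escaped so the pattern matches a literal "." rather than any
    # character; "deny all" answers 403 before the file is ever read.
    location ~ /\.env {
        deny all;
    }

    # Broader rule (beyond the advisory): refuse every dotfile and
    # dot-directory (.git, .htaccess, ...) except ACME's /.well-known/.
    # Regex locations are tried in order, so keep these above the PHP handler.
    location ~ /\.(?!well-known/) {
        deny all;
    }

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumption
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

After `nginx -t` and a reload, a request for /.env should return 403; checking that response is the quickest way to confirm the rule is active.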

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2024-47056
GHSA-H2WG-V8WG-JHXH

Affected Products

Apache
Mautic
Nginx