PT-2025-23115 · Mautic · Mautic
Abhisek Mazumdar +2 · Published 2025-05-28 · Updated 2025-05-30 · CVE-2024-47055
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mautic (affected versions not specified)
Description
The segment cloning functionality in Mautic is missing an authorization check in the cloneAction of segment management, so any authenticated user can clone segments. This lets an authenticated user bypass the intended permission restrictions and clone segments even if they lack the permissions needed to create new ones.
Recommendations
Update Mautic to a version that implements proper authorization checks for the cloneAction in ListController.php, ensuring that users who attempt to clone segments hold the appropriate creation permissions.
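The check described above, as an added PHP example that is not Mautic's code and not part of the advisory: a small model of a segment controller with the unchecked clone path beside the corrected one, plus a regression check that a user without create permission is refused on every path that creates a segment. All class, method and permission names (`SegmentController`, `cloneActionUnchecked`, `segment:create`, `segment:view`) are hypothetical, and the sample data is constructed.

```php
<?php
declare(strict_types=1);
// Illustrative model only: class, method and permission names are hypothetical, not Mautic's.
final class AccessDenied extends RuntimeException {}
final class User {
    public function __construct(public string $name, private array $permissions) {}
    public function can(string $p): bool { return in_array($p, $this->permissions, true); }
}
final class SegmentController {
    public array $segments = [1 => 'Newsletter (constructed sample)'];
    public function newAction(User $u, string $name): int {
        $this->requirePermission($u, 'segment:create');
        return $this->store($name);
    }
    // Flawed pattern: no permission check, so any logged-in user creates a segment via clone.
    public function cloneActionUnchecked(User $u, int $id): int {
        return $this->store($this->segments[$id] . ' (copy)');
    }
    // Corrected pattern: cloning creates a segment, so it demands the same permission as newAction.
    public function cloneAction(User $u, int $id): int {
        $this->requirePermission($u, 'segment:create');
        if (!isset($this->segments[$id])) {
            throw new InvalidArgumentException("No segment $id");
        }
        return $this->store($this->segments[$id] . ' (copy)');
    }
    private function requirePermission(User $u, string $perm): void {
        if (!$u->can($perm)) {
            throw new AccessDenied("{$u->name} lacks $perm");
        }
    }
    private function store(string $name): int {
        $id = max(array_keys($this->segments)) + 1;
        $this->segments[$id] = $name;
        return $id;
    }
}

// Regression check: a user without create permission must be refused on every creating path.
$viewer = new User('viewer', ['segment:view']);
$controller = new SegmentController();
foreach (['newAction' => 'Q3 leads', 'cloneAction' => 1, 'cloneActionUnchecked' => 1] as $action => $arg) {
    try {
        $controller->$action($viewer, $arg);
        echo "$action: ALLOWED (authorization gap)\n";
    } catch (AccessDenied $e) {
        echo "$action: denied\n";
    }
}
```

Only the unchecked path reports `ALLOWED`; a test of this shape in a project's own suite catches any action that creates an entity without requiring the create permission.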
Fix
Improper Access Control
Missing Authorization
Related Identifiers
Affected Products
Mautic