CVE-2024-47053

High CVSS: 7.7

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.

* Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.

Vendor

Acquia

Product

Mautic

CWE

CWE-285

Yayın Tarihi

2025-02-26 13:15:40

Güncelleme

2025-10-16 17:12:07

Source Identifier

security@mautic.org

KEV Date Added

Kategoriler

CWE-285 Mautic HIGH Acquia 2025

Referanslar

https://cwe.mitre.org/data/definitions/287.html https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc

Benzer Kayıtlar

High

CVE-2026-3105

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities.…

High

CVE-2025-14472

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issu…

High

CVE-2025-9954

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.…

Medium

CVE-2024-47055

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vul…

Critical

CVE-2024-47051

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabili…

Medium

CVE-2022-25773

This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories…