Insecure Direct Object Reference in Mautic's Segment Cloning Functionality
CVE-2024-47055
4.3MEDIUM
What is CVE-2024-47055?
This advisory details a security vulnerability in Mautic associated with its segment cloning feature. The vulnerability arises from a missing authorization check within the cloneAction of the segment management functionality. This oversight allows any authenticated user to clone segments even if they do not possess the appropriate permissions to perform such actions. To mitigate this issue, it is essential to update to a newer version of Mautic, which incorporates the necessary authorization checks to ensure that only users with the correct permissions can clone segments.
Affected Version(s)
Mautic > 5.0.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abhisek Mazumdar
Abhisek Mazumdar
Patryk Gruszka
Abhisek Mazumdar
Nick Vanpraet