Sensitive Information Disclosure in Mautic by Vulnerable Configuration
CVE-2024-47056
Severity: 5.1 (MEDIUM)
What is CVE-2024-47056?
A security vulnerability in Mautic allows unauthenticated access to the application's .env configuration file through a web browser. Because the web server configuration does not restrict access to this file, its contents, which can include database credentials and API keys, are disclosed to anyone who requests it: an attacker can read the .env file simply by navigating to its URL. To mitigate this vulnerability, update to the latest version of Mautic and make sure the web server is configured to refuse requests for these files. For Apache, configure the .htaccess files appropriately; for Nginx, add rules that deny access to .env files.
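The Nginx rule the advisory refers to, as an added example that is not part of the advisory or of the Mautic project's own configuration. The hostname and document root are placeholders; the surrounding PHP handling is assumed to match whatever your existing Mautic server block already has.

```nginx
# Added example (not from the advisory or the Mautic project): a minimal Nginx
# server block for Mautic that refuses to serve .env and other dotfiles.
server {
    listen 80;
    server_name mautic.example.com;   # placeholder hostname
    root /var/www/mautic;             # assumed document root (adjust to your install)
    index index.php;

    # Regex locations are evaluated in order of appearance and the first match wins,
    # so this rule must appear before any broader "location ~" (e.g. the PHP handler).
    # Matches /.env, /.env.local, /.env.production and any path containing "/.env".
    # "deny all" answers with 403; use "return 404;" instead if you prefer not to
    # confirm that the file exists.
    location ~ /\.env {
        deny all;
    }

    # Broader than the advisory requires: block every dotfile/dotdir except
    # /.well-known/, which ACME clients (e.g. for TLS certificates) need to reach.
    location ~ /\.(?!well-known/) {
        deny all;
    }

    # Front controller for Mautic: everything else is routed through index.php.
    location / {
        try_files $uri /index.php$is_args$args;
    }

    # PHP handler; the FastCGI socket path is an assumption for this example.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

After `nginx -t` and a reload, a request for `/.env` against your own deployment should return 403 (or 404 with the `return 404;` variant) rather than the file body; checking this once after every configuration change is the quickest way to confirm the rule is in effect. The Apache equivalent for a `.htaccess` file is a `<FilesMatch "^\.env">` block containing `Require all denied` (Apache 2.4), which needs `AllowOverride` to permit `FileInfo`/`Limit` directives for the Mautic document root.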
Affected Version(s)
Mautic > 4.4.0