Sensitive Information Disclosure in Mautic by Vulnerable Configuration
CVE-2024-47056

5.1 MEDIUM

Key Information:

Vendor: Mautic
Status: Vendor
CVE Published: 28 May 2025

What is CVE-2024-47056?

A security vulnerability in Mautic allows unauthorized access to sensitive .env configuration files via a web browser. This exposure can result in the disclosure of critical information, including database credentials and API keys, due to improper web server configurations that fail to restrict access to these files. An attacker can view the contents of the .env file simply by navigating to its URL. To mitigate this vulnerability, users should update to the latest version of Mautic and ensure proper web server configurations are in place. For Apache, configure .htaccess files appropriately, and for Nginx, add specific rules to deny access to .env files.
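As an added illustration of the Nginx mitigation the advisory mentions (example configuration written for this page, not Mautic's own or the advisory's), the following server block refuses every request whose path contains a dotfile or dot-directory, which covers .env as well as .git and similar files. The hostname and document root are assumed placeholders; the ACME `.well-known` exception is included so certificate renewal keeps working.

```nginx
# Added example: deny direct HTTP access to dotfiles (.env, .git, ...) for a
# Mautic deployment served by Nginx. server_name and root are assumptions.
server {
    listen 80;
    server_name mautic.example.com;    # assumption
    root /var/www/mautic/docroot;      # assumption: Mautic web root

    # Any path segment beginning with a dot is refused with 404, except
    # /.well-known/ (ACME challenges). Using "return 404" rather than
    # "deny all" avoids a 403 that would confirm the file exists.
    location ~ /\.(?!well-known/) {
        return 404;
    }

    # Mautic front controller; everything else goes through index.php
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # PHP handler (socket path is an assumption)
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

After editing, run `nginx -t` to validate the syntax and reload the service; a request for `/.env` against your own server should then return 404 rather than the file contents. The regex location must appear before any other regex location that could match the same path, since Nginx uses the first matching regex block.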

Affected Version(s)

Mautic > 4.4.0

References

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

r3ky
Lenon Leite
Nick Vanpraet
Patryk Gruszka