Lucene search

[email protected]CVE-2024-2730

HistoryApr 10, 2024 - 2:15 p.m.

CVE-2024-2730

2024-04-1014:15:07

CWE-425

[email protected]

web.nvd.nist.gov

mautic

landing pages

sensitive data

unauthenticated access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Mautic",
    "programFiles": [
      "https://github.com/mautic/mautic/blob/4.4.9/app/bundles/PageBundle/Controller/PageController.php#L331"
    ],
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThanOrEqual": "4.4.9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-2730

cvelist1 nvd1