cvelist | NCSC.ch | CVELIST:CVE-2024-2730
History: Apr 10, 2024 - 1:59 p.m.

CVE-2024-2730 Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic

2024-04-10 13:59:36
CWE-425
NCSC.ch
www.cve.org
2
mautic
predictable page indexing
sensitive data

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0
Percentile: 9.0%

Mautic uses predictable page indices for unpublished landing pages. Their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE, no patch is available.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Mautic",
    "programFiles": [
      "https://github.com/mautic/mautic/blob/4.4.9/app/bundles/PageBundle/Controller/PageController.php#L331"
    ],
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThanOrEqual": "4.4.9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
