Description

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.

INFO

Published Date :

2025-02-26T11:54:17.219Z

Last Modified :

2025-03-12T19:51:32.738Z

Source :

Mautic
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47053 vulnerability.

Vendors Products
Acquia
  • Mautic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47053.

URL Resource
https://cwe.mitre.org/data/definitions/287.html cve-icon cve-icon
https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings cve-icon cve-icon
https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact