Description

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

INFO

Published Date :

2025-05-28T17:34:32.181Z

Last Modified :

2025-05-29T19:02:53.247Z

Source :

Mautic
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47055 vulnerability.

Vendors Products
Acquia
  • Mautic
Mautic
  • Mautic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47055.

URL Resource
https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact