CVE-2024-47055

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-47055
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47055.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47055
Aliases
Published
2025-05-28T18:15:24.930Z
Modified
2026-04-10T05:18:07.742734Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.

Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.

MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

References

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type
GIT
Repo
https://github.com/mautic/mautic
Events
Introduced
96b53794017cde917e1e4262ebaaae5099e3586a
Fixed
3e00c36f264769446013b59944a52db2917b9388
Introduced
12f062e87dd1c470893724b12be7b623ecd22f2b
Fixed
2d36a94d11b91a3c056a607a716b1404b6ce5f69
Database specific 
{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.2.6"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.2"
        }
    ]
}

Affected versions

5.*
5.0.0
5.1.0
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
6.*
6.0.0
6.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47055.json"