CVE-2024-2730 MEDIUM

CVE-2024-2730: Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic

Vendor Mautic
Product Mautic
Weakness CWE-425 · Forced browsing
Published April 10, 2024
Last update August 9, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available

Key dates

02Disclosure timeline

April 10, 2024 CVE published
August 9, 2024 Record updated