CVE-2024-2731 MEDIUM

CVE-2024-2731: Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic

Vendor Mautic
Product Mautic
Weakness CWE-284
Published April 10, 2024
Last update August 1, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.

Key dates

02Disclosure timeline

April 10, 2024 CVE published
August 1, 2024 Record updated