Home > Vulnerability Database > CVE-2024-47055

Mend.io Vulnerability Database

CVE-2024-47055

Good to know:

Date: May 28, 2025

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

Severity Score

4.3

Related Resources (4)

Url: https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47055

Url: https://github.com/mautic/mautic

Url: https://www.mend.io/vulnerability-database/CVE-2024-47055

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version https://github.com/mautic/mautic.git - 6.0.2;https://github.com/mautic/mautic.git - 5.2.6

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47055

Good to know:

Date: May 28, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?