CVE-2024-47053
Published 2025-02-26
Priority: P3 (48)
Severity: high, CVSS 3.1 base score 7.7
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.68% (47.8th percentile)
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.

* Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.
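The flaw class described above is a missing per-object authorization check: authentication succeeds, and the API then returns every report without consulting the caller's report permissions. The following PHP is an added illustration written for this page, not Mautic's own code. It places the vulnerable listing pattern beside a hardened one that enforces the two permissions named in the advisory. The `Report` and `User` shapes, the permission strings and the rule that system reports are visible to every user are assumptions made for the example.

```php
<?php
// Added illustration, not Mautic's code. Models the authorization decision a
// reporting API should make for every report it returns. Report/User shapes,
// the permission names and the system-report rule are assumptions.
declare(strict_types=1);

final class Report
{
    public function __construct(
        public readonly int $id,
        public readonly int $createdBy,
        public readonly bool $isSystem,
    ) {}
}

final class User
{
    /** @param string[] $permissions assumed names, e.g. 'report:reports:viewown' */
    public function __construct(
        public readonly int $id,
        public readonly array $permissions,
    ) {}

    public function can(string $permission): bool
    {
        return in_array($permission, $this->permissions, true);
    }
}

// Vulnerable pattern: the caller authenticated, so every report is returned.
// Roles and permissions are never consulted, which is the behaviour class the
// advisory describes.
function listReportsVulnerable(User $user, array $reports): array
{
    return $reports;
}

// Hardened pattern: decide visibility per report, not per request.
function canViewReport(User $user, Report $report): bool
{
    if ($report->isSystem) {
        return true; // assumption: system reports are visible to all users
    }
    if ($user->can('report:reports:viewother')) {
        return true; // "View Others" grants access to everyone's reports
    }
    // "View Own" only covers reports the caller created
    return $user->can('report:reports:viewown') && $report->createdBy === $user->id;
}

function listReportsHardened(User $user, array $reports): array
{
    return array_values(array_filter(
        $reports,
        fn (Report $r): bool => canViewReport($user, $r)
    ));
}

// Constructed sample data for the demonstration.
$reports = [
    new Report(1, createdBy: 10, isSystem: true),
    new Report(2, createdBy: 10, isSystem: false),
    new Report(3, createdBy: 20, isSystem: false),
];
$viewOwnOnly   = new User(10, ['report:reports:viewown']);
$noReportPerms = new User(30, []);

$ids = fn (array $rs): array => array_map(fn (Report $r): int => $r->id, $rs);

echo 'vulnerable, view-own user:   ', json_encode($ids(listReportsVulnerable($viewOwnOnly, $reports))), PHP_EOL;
echo 'hardened,   view-own user:   ', json_encode($ids(listReportsHardened($viewOwnOnly, $reports))), PHP_EOL;
echo 'hardened,   no report perms: ', json_encode($ids(listReportsHardened($noReportPerms, $reports))), PHP_EOL;
```

Run with `php example.php` (PHP 8.1 or later, for readonly promoted properties). The vulnerable listing hands the view-own user all three reports; the hardened one returns only the system report and the report that user created, and a user with no report permissions sees only the system report. After upgrading to 5.2.3, the same shape of check is a useful verification step: call the reports API as a low-privileged user with only "View Own" and confirm that reports created by other users are absent from the response.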
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | >= 1.0.1 < 5.2.3 | 5.2.3 |
| mautic | core | >= 1.0.1 < 5.2.3 | 5.2.3 |
| mautic | mautic_core | >= 1.0.1 < 5.2.3 | 5.2.3 |
OSV
Mautic allows Improper Authorization in Reporting API
osv·2025-02-26
CVE-2024-47053 [HIGH] Mautic allows Improper Authorization in Reporting API
### Summary
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.
* **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.
### Mitigation
Please update to Mautic 5.2.3 or later
### Workarounds
Disable the API in Mautic. See [documentati
GHSA
Mautic allows Improper Authorization in Reporting API
ghsa·2025-02-26
CVE-2024-47053 [HIGH] CWE-285 Mautic allows Improper Authorization in Reporting API
(Summary, mitigation and workaround text identical to the OSV entry above.)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.