CVE-2024-47053
published 2025-02-26


Priority: P3 (48), high
CVSS 3.1: 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS: 0.68% (47.8th percentile)
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.

* Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.

Affected (3 ranges)

Vendor | Product     | Version range      | Fixed in
acquia | mautic      | >= 1.0.1, < 5.2.3  | 5.2.3
mautic | core        | >= 1.0.1, < 5.2.3  | 5.2.3
mautic | mautic_core | >= 1.0.1, < 5.2.3  | 5.2.3