cbcvebase.
CVE-2024-47057
published 2025-05-28


Priority: P4 (31); severity: medium; CVSS 3.1 base score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.27% (18.3rd percentile)
Summary
This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.

User Enumeration via Timing Attack
A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.

Mitigation
Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.
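The mitigation describes two properties a password reset endpoint should have: the same work (and therefore the same response time) whether or not the username exists, and a limit on how many requests a client may make. The following is an added illustration of both, written for this page and not taken from Mautic's code base; the user store, the secret, the PBKDF2 cost standing in for the real per-user work, and the handler and class names are all constructed for the example.

```python
import hashlib
import secrets
import time
from collections import defaultdict, deque

# Constructed stand-in for the application's user table (not Mautic's code).
USERS = {"alice": "alice@example.invalid"}
SECRET_KEY = b"constructed-example-secret"   # assumed server-side secret
TOKEN_COST_ITERATIONS = 50_000               # PBKDF2 rounds standing in for the real per-user work
GENERIC_MESSAGE = "If an account with that username exists, a reset link has been sent."
OUTBOX = []                                  # messages "sent" to real users


def _derive_reset_token(username: str) -> str:
    """Derive an opaque reset token. The cost is fixed, so it cannot leak whether
    the username exists as long as it is computed on every path."""
    nonce = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", username.encode(), SECRET_KEY + nonce,
                              TOKEN_COST_ITERATIONS)
    return (nonce + key).hex()


def _deliver(email, token):
    """Build the reset message on every path; only real addresses reach OUTBOX."""
    message = f"To: {email or 'discard'}\nReset token: {token}\n"
    if email is not None:
        OUTBOX.append(message)


def naive_request_reset(username):
    """Vulnerable shape: unknown users return before any expensive work is done,
    so the response time itself answers "does this user exist?"."""
    email = USERS.get(username)
    if email is None:
        return {"status": 200, "message": GENERIC_MESSAGE}
    token = _derive_reset_token(username)
    _deliver(email, token)
    return {"status": 200, "message": GENERIC_MESSAGE}


class RateLimiter:
    """Sliding-window counter per client; covers the missing request limiting."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, client_id, now=None):
        now = time.monotonic() if now is None else now
        hits = self._hits[client_id]
        while hits and now - hits[0] > self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True


LIMITER = RateLimiter(max_requests=5, window_seconds=60)


def normalized_request_reset(username, client_id, now=None):
    """Hardened shape: identical work, status and body whether or not the user exists."""
    if not LIMITER.allow(client_id, now):
        return {"status": 429, "message": "Too many requests"}
    email = USERS.get(username)
    token = _derive_reset_token(username)   # always computed
    _deliver(email, token)                  # always called; unknown users go to the discard sink
    return {"status": 200, "message": GENERIC_MESSAGE}


def mean_response_ms(handler, username, rounds=5):
    """Crude timing harness a defender can use to compare the two handlers."""
    start = time.perf_counter()
    for _ in range(rounds):
        handler(username)
    return (time.perf_counter() - start) * 1000 / rounds


if __name__ == "__main__":
    for label, handler in (
        ("naive", naive_request_reset),
        ("normalized", lambda u: normalized_request_reset(u, secrets.token_hex(4))),
    ):
        known = mean_response_ms(handler, "alice")
        unknown = mean_response_ms(handler, "nobody")
        print(f"{label:11s} known user {known:7.2f} ms  unknown user {unknown:7.2f} ms")
```

Running the module prints the mean response time of each handler for a known and an unknown username: the naive handler shows a clear gap, the normalized one does not. The key design choice is that the unknown-user path still derives a token and still formats a message, discarding the result, rather than trying to pad the fast path with a sleep; padding has to be re-tuned whenever the real work changes, whereas doing the same work keeps the two paths aligned automatically. The rate limiter is the second half of the fix: even a small residual timing difference is hard to exploit when a client gets only a handful of attempts per window.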

Affected (4 ranges)

Vendor | Product | Version range                          | Fixed in
mautic | core    | >= 1.0.0, < 4.4.16                     | 4.4.16
mautic | core    | >= 5.0.0-alpha, < 5.2.6                | 5.2.6
mautic | core    | >= 6.0.0-alpha, < 6.0.2                | 6.0.2
mautic | mautic  | > 1.0, < 6.0.2 / < 5.2.6 / < 4.4.16    | < 6.0.2, < 5.2.6, < 4.4.16