CVE-2024-2730: Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
First published: Wed Apr 10 2024(Updated: )
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available
Credit: vulnerability@ncsc.ch
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mautic |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-2730?
CVE-2024-2730 has a high severity due to the potential exposure of sensitive data through publicly accessible unpublished landing pages.
How do I fix CVE-2024-2730?
Currently, there is no available patch to fix CVE-2024-2730, so affected users should monitor for updates from Mautic.
What data is exposed in CVE-2024-2730?
CVE-2024-2730 can expose sensitive content located in unpublished landing pages accessible through predictable URLs.
Who is affected by CVE-2024-2730?
Users of Mautic are affected by CVE-2024-2730, particularly those utilizing unpublished landing pages.
How can I mitigate risks associated with CVE-2024-2730?
To mitigate risks, users should restrict access to unpublished landing pages and monitor Mautic for future security updates.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mautic
- canonical/mautic