CVE-2024-2731: Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
First published: Wed Apr 10 2024(Updated: )
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.
Credit: vulnerability@ncsc.ch
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mautic |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-2731?
CVE-2024-2731 has been assessed as a medium severity vulnerability.
How do I fix CVE-2024-2731?
To fix CVE-2024-2731, restrict access to sensitive pages based on user roles and permissions.
Who is affected by CVE-2024-2731?
Users with low privileges in Mautic are affected by CVE-2024-2731.
What information can be exposed due to CVE-2024-2731?
CVE-2024-2731 can expose sensitive information such as company names and user identifiers.
Is there a patch available for CVE-2024-2731?
Check the latest updates from Mautic for patches related to CVE-2024-2731.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mautic
- canonical/mautic