How severe is CVE-2024-47053?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2024-47053?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2024-47053 - HIGH Severity | CVSS 7.7

Vulnerability Description

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.

Related Vulnerabilities

CVE-2020-16096

HIGH

CVSS:7.7(High)

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has ac...

CWE-2852020

CVE-2022-31668

HIGH

CVSS:7.7(High)

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authentica...

CWE-2852022

CVE-2022-31669

HIGH

CVSS:7.7(High)

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently ...

CWE-2852022

CVE-2022-31670

HIGH

CVSS:7.7(High)

Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authen...

CWE-2852022

CVE-2014-9945

HIGH

CVSS:7.8(High)

In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014

CVE-2014-9950

HIGH

CVSS:7.8(High)

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

CWE-2852014