How severe is CVE-2024-47055?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-47055?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-47055 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

Related Vulnerabilities

CVE-2017-1000243

MEDIUM

CVSS:4.3(Medium)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CWE-8622017

CVE-2017-1000388

MEDIUM

CVSS:4.3(Medium)

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modif...

CWE-8622017

CVE-2017-1000390

MEDIUM

CVSS:4.3(Medium)

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

CWE-8622017

CVE-2017-1000400

MEDIUM

CVSS:4.3(Medium)

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current ...

CWE-8622017

CVE-2017-17693

MEDIUM

CVSS:4.3(Medium)

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CWE-8622017

CVE-2017-2662

MEDIUM

CVSS:4.3(Medium)

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respec...

CWE-8622017