5.3
CVE-2024-2730
- EPSS 0.51%
- Veröffentlicht 10.04.2024 14:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle vulnerability@ncsc.ch
- CVE-Watchlists
- Unerledigt
Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellermautic
≫
Produkt
mautic
Default Statusaffected
Version <=
4.4.9
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.396 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vulnerability@ncsc.ch | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9