CVE-2024-47059

EPSS 0.16%
Published 18.09.2024 22:15:04
Last modified 27.02.2025 19:30:33
Source security@mautic.org
Teams watchlist Login
Open Login

When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.

However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification.

This difference could be used to perform username enumeration.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Acquia ≫ Mautic Version5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.368

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@mautic.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47059

EUVD