CVE-2024-2730

Summary

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available

Affected Software

VendorProductVersion RangeStatus
MauticMautic0 <= 4.4.9affected

Weaknesses

  • CWE-425: CWE-425 Direct Request ('Forced Browsing')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References