CVE-2024-47051
Missing Authentication for Critical Function (CWE-306)
Published: Sep 18, 2024
010
Medium Severity
(Estimated)
No EPSS yetCVE info copied to clipboard
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable
Timeline
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (5001016)
Sep 18, 2024 at 7:53 AM
First Article
Feedly found the first article mentioning CVE-2024-47051. See article
Sep 18, 2024 at 10:12 PM / GitHub Advisory Database
CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Sep 18, 2024 at 10:12 PM
Patches
Github Advisory
+null more
Attack Patterns
CAPEC-12: Choosing Message Identifier
+null more
Vendor Advisory
[GHSA-qf6m-6m4g-rmrc] Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script. Mautic allows you to update the application via an upgrade script.
News
CVE-2024-47051
This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be...
[GHSA-qf6m-6m4g-rmrc] Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script. Mautic allows you to update the application via an upgrade script.