{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T18:17:21.251","vulnerabilities":[{"cve":{"id":"CVE-2024-47055","sourceIdentifier":"security@mautic.org","published":"2025-05-28T18:15:24.930","lastModified":"2025-10-03T14:11:44.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\n\nInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.\n\nMitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions."},{"lang":"es","value":"Resumen: Este aviso aborda una vulnerabilidad de seguridad en Mautic relacionada con la función de clonación de segmentos. Esta vulnerabilidad permite a cualquier usuario autenticado clonar segmentos sin las comprobaciones de autorización adecuadas. Referencia directa a objeto insegura (IDOR) / Falta de autorización: Existe una vulnerabilidad de falta de autorización en la acción cloneAction de la administración de segmentos. Esto permite a un usuario autenticado eludir las restricciones de permisos previstas y clonar segmentos incluso si no cuenta con los permisos necesarios para crear nuevos. Mitigación: Actualice Mautic a una versión que implemente las comprobaciones de autorización adecuadas para la acción cloneAction dentro de ListController.php. Asegúrese de que los usuarios que intenten clonar segmentos posean los permisos de creación adecuados."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.2.6","matchCriteriaId":"28D0344B-E313-4B70-BE1A-203412516DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.2","matchCriteriaId":"7E3CB2C3-C981-460E-BA2E-5B00EE3A7193"}]}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782","source":"security@mautic.org","tags":["Mitigation","Vendor Advisory"]}]}}]}