Summary

This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.

Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.

Mitigation

Update Mautic to a version that implements proper authorization checks for the cloneAction within ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.
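The check the mitigation calls for, shown as an added example that is not Mautic's own code: a minimal PHP sketch of a clone action in the missing-authorization shape (CWE-862) beside a version that treats a clone as a create and gates it on the create permission. Every class, method and permission name here (SegmentCloneController, SecurityChecker, 'segment:create', 'segment:view') is an assumption chosen for illustration; Mautic's real permission strings and ListController.php structure differ, so consult the fixed release for the actual check.

```php
<?php
// Added illustrative example, not Mautic's code. All class, method and
// permission names are assumptions that mirror the pattern the advisory
// describes: a clone endpoint that performs a create without consulting
// the create permission.

final class PermissionDenied extends RuntimeException {}

final class Segment
{
    public function __construct(public ?int $id, public string $name) {}
}

// Minimal in-memory stand-ins for a repository and a permission checker.
final class SegmentRepository
{
    private array $rows = [];
    private int $nextId = 1;

    public function find(int $id): ?Segment { return $this->rows[$id] ?? null; }

    public function save(Segment $s): void
    {
        if ($s->id === null) { $s->id = $this->nextId++; }
        $this->rows[$s->id] = $s;
    }
}

final class SecurityChecker
{
    // $grants: permission strings the current user holds (constructed sample).
    public function __construct(private array $grants) {}

    public function isGranted(string $permission): bool
    {
        return in_array($permission, $this->grants, true);
    }
}

final class SegmentCloneController
{
    public function __construct(
        private SegmentRepository $segments,
        private SecurityChecker $security
    ) {}

    // Vulnerable shape: any authenticated caller can create a new segment by
    // copying an existing one; no permission is checked at all.
    public function cloneActionUnchecked(int $objectId): Segment
    {
        $source = $this->segments->find($objectId);
        $copy = new Segment(null, $source->name . ' (copy)');
        $this->segments->save($copy);
        return $copy;
    }

    // Hardened shape: a clone is a create, so it is gated by the same
    // permission as creating from scratch, plus view rights on the source.
    public function cloneAction(int $objectId): Segment
    {
        if (!$this->security->isGranted('segment:create')) {
            throw new PermissionDenied('create permission required to clone');
        }
        $source = $this->segments->find($objectId);
        if ($source === null) {
            throw new InvalidArgumentException("segment $objectId not found");
        }
        if (!$this->security->isGranted('segment:view')) {
            throw new PermissionDenied('view permission required on the source');
        }
        $copy = new Segment(null, $source->name . ' (copy)');
        $this->segments->save($copy);
        return $copy;
    }
}

// Usage with a constructed repository and a user who holds only view rights.
$repo = new SegmentRepository();
$repo->save(new Segment(null, 'Newsletter subscribers'));
$viewer = new SecurityChecker(['segment:view']);
$ctl = new SegmentCloneController($repo, $viewer);

$ctl->cloneActionUnchecked(1); // succeeds: a non-creator just created segment 2
try {
    $ctl->cloneAction(1);      // refused: the create permission is missing
} catch (PermissionDenied $e) {
    echo "clone refused: {$e->getMessage()}\n";
}
```

The design point is that the permission decision is made before the source entity is loaded or copied, and that it is the same decision the ordinary create path makes; any second code path that ends in a save (clone, import, duplicate) needs to be covered by the same check, or it becomes the bypass this advisory describes.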
Advisories
Source  ID  Title
EUVD  EUVD-2024-54604  Mautic segment cloning doesn't have a proper permission check
Github GHSA  GHSA-vph5-ghq3-q782  Mautic segment cloning doesn't have a proper permission check
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Oct 2025 14:15:00 +0000

Type  Values Removed  Values Added
First Time appeared  -  Acquia; Acquia mautic
CPEs  -  cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
Vendors & Products  -  Acquia; Acquia mautic

Thu, 29 May 2025 19:15:00 +0000

Type  Values Removed  Values Added
Metrics  -  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 28 May 2025 17:45:00 +0000

Type  Values Removed  Values Added
Description  -  Summary: This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. Mitigation: Update Mautic to a version that implements proper authorization checks for the cloneAction within ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.
Title  -  Segment cloning doesn't have a proper permission check
Weaknesses  -  CWE-862
References
Metrics  -  cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Mautic

Published:

Updated: 2025-05-29T19:02:53.247Z

Reserved: 2024-09-17T13:41:00.584Z

Link: CVE-2024-47055

Vulnrichment

Updated: 2025-05-29T19:02:48.383Z

NVD

Status: Analyzed

Published: 2025-05-28T18:15:24.930

Modified: 2025-10-03T14:11:44.813

Link: CVE-2024-47055

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T11:31:20Z