CVE-2024-47055
📋 TL;DR
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Mautic's segment cloning functionality. Any authenticated user can clone segments without proper authorization checks, even if they lack permission to create new segments. This affects all Mautic installations with authenticated users.
💻 Affected Systems
- Mautic
📦 What is this software?
Mautic by Acquia
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could clone sensitive segments containing customer data, potentially accessing or exfiltrating protected information, and create unauthorized segments that disrupt marketing operations.
Likely Case
Low-privileged users clone segments they should not be able to, potentially viewing sensitive segment criteria or creating duplicate segments that clutter the system.
If Mitigated
With proper authorization checks, only users with appropriate create permissions can clone segments, limiting the impact to authorized personnel only.
🎯 Exploit Status
Exploitation requires authenticated access but no special permissions. The vulnerability is in the cloneAction of ListController.php.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory, but fixed versions exist
Vendor Advisory: https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
Restart Required: No
Instructions:
1. Update Mautic to the latest patched version.
2. Verify the update includes proper authorization checks in ListController.php cloneAction.
3. Test segment cloning with low-privilege users to confirm fix.
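The authorization gap and the check that closes it, modelled as an added Python example (this is not Mautic's PHP code; the permission names lead:lists:create and lead:lists:viewother, the SegmentStore class and the user fixtures are assumptions made for the illustration). The last two functions carry out step 3 above against both the vulnerable and the fixed behaviour, and also confirm that the fix does not block a user who legitimately holds create permission:

```python
"""Added illustration (not Mautic's code) of the authorization check a
segment clone action needs. The vulnerable function reproduces the IDOR
pattern the advisory describes: the segment id from the request selects the
object and no permission is checked. The fixed function requires create
permission before cloning. Permission strings such as 'lead:lists:create'
and 'lead:lists:viewother' are assumed names used only in this model."""
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised when a user lacks the permission an action requires."""


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset


@dataclass
class Segment:
    id: int
    name: str
    owner: str
    filters: tuple  # segment criteria; sensitive on a real instance


class SegmentStore:
    """Constructed in-memory stand-in for the segment repository."""

    def __init__(self, segments):
        self._segments = {s.id: s for s in segments}
        self._next_id = max(self._segments, default=0) + 1

    def get(self, segment_id):
        return self._segments[segment_id]

    def add(self, name, owner, filters):
        seg = Segment(self._next_id, name, owner, filters)
        self._segments[seg.id] = seg
        self._next_id += 1
        return seg

    def count(self):
        return len(self._segments)


def clone_segment_vulnerable(store, user, segment_id):
    # Missing authorization: any authenticated user reaches this point, and
    # the id supplied in the request picks the object to copy.
    src = store.get(segment_id)
    return store.add(f"{src.name} (copy)", user.name, src.filters)


def clone_segment_fixed(store, user, segment_id):
    # Cloning creates a new segment, so the create permission is required.
    if "lead:lists:create" not in user.permissions:
        raise PermissionDenied(f"{user.name} may not create segments")
    src = store.get(segment_id)
    # Cloning also copies the source criteria, so the user must be allowed
    # to view that segment (own segments, or any segment with viewother).
    if src.owner != user.name and "lead:lists:viewother" not in user.permissions:
        raise PermissionDenied(f"{user.name} may not view segment {segment_id}")
    return store.add(f"{src.name} (copy)", user.name, src.filters)


def make_store():
    # Constructed sample data: one segment owned by a marketing user.
    return SegmentStore([Segment(1, "VIP customers", "marketer", ("country=DE", "score>80"))])


def low_privilege_user_is_refused(clone_fn):
    """Step 3 of the fix instructions: attempt the clone as a user who can
    only view their own segments and report whether it was refused."""
    store = make_store()
    viewer = User("viewer", frozenset({"lead:lists:viewown"}))
    before = store.count()
    try:
        clone_fn(store, viewer, 1)
    except PermissionDenied:
        return store.count() == before
    return False


def authorized_user_can_clone(clone_fn):
    """The fix must not block users who legitimately hold create permission."""
    store = make_store()
    marketer = User("marketer", frozenset({"lead:lists:create", "lead:lists:viewown"}))
    copy = clone_fn(store, marketer, 1)
    return copy.owner == "marketer" and copy.filters == store.get(1).filters
```

Running low_privilege_user_is_refused against clone_segment_vulnerable returns False (the viewer's clone succeeds, which is the vulnerable behaviour) and against clone_segment_fixed returns True; the second check shows the create-permission gate does not break the authorized path.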
🔧 Temporary Workarounds
Disable segment cloning
- Temporarily disable the segment cloning functionality until patching can be completed
- Modify ListController.php to remove or comment out cloneAction
Restrict user permissions
- Review and tighten user permissions to minimize potential impact
- Audit all user accounts and remove unnecessary segment-related permissions
🧯 If You Can't Patch
- Implement strict access controls and monitor for unauthorized segment cloning activity
- Regularly audit segment changes and review logs for suspicious cloning attempts
🔍 How to Verify
Check if Vulnerable:
Test with a low-privilege authenticated user attempting to clone segments they shouldn't have access to
Check Version:
Check Mautic version in admin panel or via composer show mautic/core
Verify Fix Applied:
Verify that low-privilege users cannot clone segments without proper create permissions
📡 Detection & Monitoring
Log Indicators:
- Multiple segment clone requests from low-privilege users
- Unusual segment creation patterns
Network Indicators:
- HTTP POST requests to segment clone endpoints from unauthorized users
SIEM Query:
source="mautic_logs" AND (action="segment_clone" OR endpoint="/s/segments/clone") AND user_permission_level="low"
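An added Python example of the log review this section calls for; it is not part of the advisory and does not read real Mautic log output. The log lines, their key=value layout and the role-to-permission mapping are constructed for the illustration; the clone endpoint path follows the /s/segments/clone form used in the SIEM query above. It raises the two log indicators listed (clone requests from users without create permission, and bursts of clone requests from one account) and separately records denied attempts, which are what the same activity looks like once the fix is in place:

```python
import re
from collections import Counter

# Constructed sample log lines in a key=value layout; not real Mautic output.
# The path follows the /s/segments/clone form named in the advisory's query.
SAMPLE_LOG = """\
2024-09-20T10:01:02Z user=alice role=marketer method=POST path=/s/segments/clone/12 status=302
2024-09-20T10:01:09Z user=bob role=viewer method=POST path=/s/segments/clone/12 status=302
2024-09-20T10:01:15Z user=bob role=viewer method=POST path=/s/segments/clone/13 status=302
2024-09-20T10:01:21Z user=bob role=viewer method=POST path=/s/segments/clone/14 status=302
2024-09-20T10:02:00Z user=carol role=viewer method=GET path=/s/segments/view/12 status=200
2024-09-20T10:02:30Z user=dave role=viewer method=POST path=/s/segments/clone/15 status=403
"""

# Assumed role model for the illustration: which roles hold segment create
# permission. On a real instance this would come from the user's role.
ROLE_CAN_CREATE = {"admin": True, "marketer": True, "viewer": False}

CLONE_PATH = re.compile(r"^/s/segments/clone/(?P<segment_id>\d+)$")


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; None for malformed lines."""
    parts = line.split()
    if len(parts) < 2 or "=" in parts[0]:
        return None
    event = {"ts": parts[0]}
    for token in parts[1:]:
        if "=" not in token:
            return None
        key, _, value = token.partition("=")
        event[key] = value
    return event


def is_clone_request(event):
    """A POST to the clone endpoint; GETs to other segment pages are ignored."""
    return event.get("method") == "POST" and bool(CLONE_PATH.match(event.get("path", "")))


def detect(log_text, burst_threshold=3):
    """Return alerts as (rule, user, count) tuples.

    clone_by_user_without_create_permission: a clone that was not refused
        (non-403) from a role lacking create permission; on an unpatched
        instance this is the vulnerability being used.
    clone_burst: burst_threshold or more clone requests from one account.
    denied_clone_attempt: a 403 on the clone endpoint, worth reviewing as a
        suspicious attempt even though the server refused it.
    """
    alerts = []
    low_priv = Counter()
    per_user = Counter()
    denied = Counter()
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if not event or not is_clone_request(event):
            continue
        user = event.get("user", "?")
        per_user[user] += 1
        if event.get("status") == "403":
            denied[user] += 1
        elif not ROLE_CAN_CREATE.get(event.get("role"), False):
            low_priv[user] += 1
    for user, n in low_priv.items():
        alerts.append(("clone_by_user_without_create_permission", user, n))
    for user, n in per_user.items():
        if n >= burst_threshold:
            alerts.append(("clone_burst", user, n))
    for user, n in denied.items():
        alerts.append(("denied_clone_attempt", user, n))
    return alerts


if __name__ == "__main__":
    for rule, user, count in detect(SAMPLE_LOG):
        print(f"{rule}: user={user} count={count}")
```

On the constructed sample, bob's three successful clones trip both the low-privilege rule and the burst rule, alice (a role with create permission) and carol (a GET to a view page) produce nothing, and dave's refused request is recorded as a denied attempt. The burst threshold is a tuning knob; pick it from the normal clone rate in your own logs.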