How to fix CVE-2024-47055?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Monitor vendor channels for patch availability.

Is PHP affected by CVE-2024-47055?

CVE-2024-47055 presents moderate security risk, a missing authorization vulnerability rated CVSS 4.3. Attackers could gain access beyond their authorized level. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2024-47055

MEDIUM

2025-05-28 [email protected]

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:44 vuln.today

CVE Published

May 28, 2025 - 18:15 nvd

MEDIUM 4.3

Description

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.

Analysis

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones. MitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions. Affected products include: Acquia Mautic.

Affected Products

Acquia Mautic.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +22

POC: 0

CVE-2024-47055 vulnerability details – vuln.today

Back

CVE-2024-47055

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-47055

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code