| Vulnerability ID | VCID-6yv4-1yes-hkfs |
| Aliases | CVE-2024-47056, GHSA-h2wg-v8wg-jhxh |
| Summary | Mautic does not shield `.env` files from web traffic. This advisory addresses a security vulnerability in Mautic where sensitive `.env` configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Sensitive Information Disclosure via `.env` File Exposure: The `.env` file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00049 | https://api.first.org/data/v1/epss?cve=CVE-2024-47056 |
| cvssv3.1 | 5.1 | https://github.com/mautic/mautic |
| generic_textual | MODERATE | https://github.com/mautic/mautic |
| cvssv3.1 | 5.1 | https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh |
| generic_textual | MODERATE | https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh |
| ssvc | Track | https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh |
| cvssv3.1 | 5.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-47056 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2024-47056 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://api.first.org/data/v1/epss?cve=CVE-2024-47056 |
| | | https://github.com/mautic/mautic |
| CVE-2024-47056 | | https://nvd.nist.gov/vuln/detail/CVE-2024-47056 |
| GHSA-h2wg-v8wg-jhxh | | https://github.com/advisories/GHSA-h2wg-v8wg-jhxh |
| GHSA-h2wg-v8wg-jhxh | | https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh |
| Percentile | 0.15651 |
| EPSS Score | 0.00049 |
| Published At | June 5, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:24:04.142867+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2024-47056.yml | 38.6.0 |