Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-g21m-aehf-wkfw
Vulnerability ID VCID-g21m-aehf-wkfw
Aliases CVE-2024-47057
GHSA-424x-cxvh-wq9p
Summary Mautic allows user name enumeration due to response time difference on password reset form This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-204 Observable Response Discrepancy
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-203 Observable Discrepancy
System Score Found at
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2024-47057
cvssv3.1 5.3 https://github.com/mautic/mautic
generic_textual MODERATE https://github.com/mautic/mautic
cvssv3.1 5.3 https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
generic_textual MODERATE https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
ssvc Track https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-47057
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-47057
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-47057
https://github.com/mautic/mautic
CVE-2024-47057 https://nvd.nist.gov/vuln/detail/CVE-2024-47057
GHSA-424x-cxvh-wq9p https://github.com/advisories/GHSA-424x-cxvh-wq9p
GHSA-424x-cxvh-wq9p https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/mautic/mautic
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:58:43Z/ Found at https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-47057
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47683
EPSS Score 0.00242
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:24:04.600780+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2024-47057.yml 38.6.0