Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xsmg-dqq4-kqgf
Vulnerability ID VCID-xsmg-dqq4-kqgf
Aliases CVE-2024-47055
GHSA-vph5-ghq3-q782
Summary Mautic segment cloning doesn't have a proper permission check This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the `cloneAction` of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-284 Improper Access Control
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-862 Missing Authorization
System Score Found at
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-47055
cvssv3.1 4.3 https://github.com/mautic/mautic
generic_textual MODERATE https://github.com/mautic/mautic
cvssv3.1 4.3 https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
generic_textual MODERATE https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
ssvc Track https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2024-47055
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-47055
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-47055
https://github.com/mautic/mautic
CVE-2024-47055 https://nvd.nist.gov/vuln/detail/CVE-2024-47055
GHSA-vph5-ghq3-q782 https://github.com/advisories/GHSA-vph5-ghq3-q782
GHSA-vph5-ghq3-q782 https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/mautic/mautic
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T19:02:39Z/ Found at https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-47055
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.44576
EPSS Score 0.00219
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:24:04.675193+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2024-47055.yml 38.6.0