{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2730","assignerOrgId":"455daabc-a392-441d-aa46-37d35189897c","state":"PUBLISHED","assignerShortName":"NCSC.ch","dateReserved":"2024-03-20T13:04:41.496Z","datePublished":"2024-04-10T13:59:36.195Z","dateUpdated":"2024-08-09T16:22:51.017Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Mautic","programFiles":["https://github.com/mautic/mautic/blob/4.4.9/app/bundles/PageBundle/Controller/PageController.php#L331"],"repo":"https://github.com/mautic/mautic","vendor":"Mautic","versions":[{"lessThanOrEqual":"4.4.9","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"ZHAW Information Security Research Group"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available <br></div></div>"}],"value":"Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available \n\n"}],"impacts":[{"capecId":"CAPEC-87","descriptions":[{"lang":"en","value":"CAPEC-87 Forceful Browsing"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-425","description":"CWE-425 Direct Request ('Forced Browsing')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"455daabc-a392-441d-aa46-37d35189897c","shortName":"NCSC.ch","dateUpdated":"2024-04-10T13:59:36.195Z"},"references":[{"tags":["exploit"],"url":"https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9"}],"source":{"discovery":"EXTERNAL"},"title":"Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:25:40.619Z"},"title":"CVE Program Container","references":[{"tags":["exploit","x_transferred"],"url":"https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9"}]},{"affected":[{"vendor":"mautic","product":"mautic","cpes":["cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*"],"defaultStatus":"affected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"4.4.9","versionType":"semver"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-09T16:20:19.216386Z","id":"CVE-2024-2730","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-09T16:22:51.017Z"}}]}}