216.73.217.98

CVE-2024-47057

· Published 28/05/2025 18:15 · Modified 29/05/2025 14:29

Labels: CVE-2024-47057 2025-05-28CVE-2024-47057CWE-203[email protected]

Essential information

Published
28/05/2025 18:15
Modified
29/05/2025 14:29
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack. MitigationPlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mautic / mautic cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*

References