CVE-2024-47055: Mautic segment cloning doesn't have a proper permission check

May 28, 2025

This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.

Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.

References

  • github.com/advisories/GHSA-vph5-ghq3-q782
  • github.com/mautic/mautic
  • github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
  • nvd.nist.gov/vuln/detail/CVE-2024-47055


Affected versions

All versions starting from 5.0.0-alpha before 5.2.6, all versions starting from 6.0.0-alpha before 6.0.2

Fixed versions

  • 5.2.6
  • 6.0.2

Solution

Upgrade to version 5.2.6, 6.0.2, or later.
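
To check whether a deployment is in the affected ranges listed above, the following added example (not part of the advisory or of Mautic) reads a `composer.lock` and classifies the locked `mautic/core` version. The lock content is constructed sample data, and treating a pre-release of a fixed version (for example `5.2.6-rc1`) as affected is a conservative assumption.

```python
import json
import re

PACKAGE = "mautic/core"
# (first affected, first fixed) pairs, taken from the advisory's version ranges.
AFFECTED = [("5.0.0-alpha", "5.2.6"), ("6.0.0-alpha", "6.0.2")]

# Pre-release tags sort before the stable release of the same x.y.z.
_STABILITY = {"alpha": 1, "beta": 2, "rc": 3, "": 4}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|rc)\.?(\d*))?$", re.I)


def parse(version):
    """Return a sortable tuple for x.y.z[-tagN], or None for dev/branch versions."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.group(1, 2, 3))
    tag = (m.group(4) or "").lower()
    return (major, minor, patch, _STABILITY[tag], int(m.group(5) or 0))


def classify(version):
    """Classify one version string against the advisory's affected ranges."""
    key = parse(version)
    if key is None:
        return "unknown"  # e.g. "5.x-dev": inspect the checked-out commit by hand
    for first_affected, first_fixed in AFFECTED:
        if parse(first_affected) <= key < parse(first_fixed):
            return "affected"
    return "outside affected range"


def scan_lock(lock_text):
    """Return (version, verdict) for every mautic/core entry in a composer.lock."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    return [(p["version"], classify(p["version"]))
            for p in packages if p.get("name") == PACKAGE]


# Constructed sample lock file, for illustration only.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "mautic/core", "version": "5.2.5"},
                 {"name": "symfony/console", "version": "v5.4.0"}],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict in scan_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {verdict}")
```
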

Impact 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N


Weakness

  • CWE-284: Improper Access Control

Source file

packagist/mautic/core/CVE-2024-47055.yml


Page generated Tue, 19 Aug 2025 12:18:51 +0000.