Mautic
cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*
- > 4.4
A vulnerability in Mautic versions greater than 4.4 allows sensitive .env configuration files to be accessed directly through a web browser. This exposure could lead to the disclosure of critical information such as database credentials, API keys, and other essential system configurations. The vulnerability arises from inadequate web server settings that fail to restrict access to .env files, enabling an unauthenticated attacker to view the file's contents by simply navigating to its URL.
Exploitation of this vulnerability could result in unauthorized access to sensitive information, including database credentials and API keys, which could be misused to compromise the application or its data.
Users are advised to update Mautic to the latest version. For Apache users, ensure that the web server is configured to respect .htaccess files. Nginx users should manually add a configuration block to deny access to .env files and reload or restart the Nginx service for the changes to take effect.
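For Nginx, the deny block mentioned above could look like the following. This is an added example, not configuration taken from this advisory or from the Mautic project; the server name, document root and PHP-FPM socket path are placeholder assumptions.

```nginx
# Added example. mautic.example.com, /var/www/mautic and the php-fpm
# socket path are placeholders (assumptions), not values from the advisory.
server {
    listen 80;
    server_name mautic.example.com;
    root /var/www/mautic;
    index index.php;

    # Deny .env and variants such as .env.local or .env.bak.
    # Regex locations are tried in file order and the first match wins,
    # so keep this above any other regex location (e.g. the PHP handler).
    # Logging is left on so that requests for the file remain visible
    # in the access log.
    location ~ /\.env {
        deny all;    # nginx answers 403 Forbidden
    }

    # Without the block above, try_files finds /.env on disk and
    # serves it to the client as a static file.
    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Validate the change with `nginx -t` before reloading, then confirm that a request for `/.env` on your own host returns 403 rather than the file contents. Any credentials that were in the file while it was reachable should be treated as disclosed and rotated.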