CVE-2024-24304 is a high-severity information disclosure vulnerability affecting the Mailjet module integrated with PrestaShop e-commerce platforms prior to version 3.5.1. The vulnerability allows an unauthenticated guest user to download sensitive technical information without any access restrictions. This flaw is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability arises because the Mailjet module improperly exposes internal technical data, which could include configuration details, API keys, or other sensitive operational information that attackers could leverage for further exploitation. The CVSS v3.1 score of 7.5 reflects the ease of exploitation (network accessible, no privileges or user interaction required) and the high impact on confidentiality, although integrity and availability are unaffected. Since the vulnerability is in a widely used PrestaShop module for email marketing and transactional email services, it poses a significant risk to e-commerce sites relying on this integration. No known exploits have been reported in the wild yet, but the lack of authentication and user interaction requirements makes it a prime candidate for automated scanning and exploitation once publicly known. The absence of a patch link suggests that users should urgently update to version 3.5.1 or later where the issue is resolved.

For European organizations operating e-commerce platforms using PrestaShop with the Mailjet module, this vulnerability could lead to unauthorized disclosure of sensitive technical information. Such exposure can facilitate targeted attacks including credential theft, phishing, or further compromise of the e-commerce infrastructure. Confidential customer data might indirectly be at risk if attackers leverage the disclosed information to escalate privileges or access backend systems. This can result in reputational damage, regulatory penalties under GDPR for inadequate data protection, and financial losses due to fraud or downtime. Small and medium enterprises (SMEs) using PrestaShop extensively in Europe may be particularly vulnerable due to limited cybersecurity resources. The impact is heightened in sectors with stringent compliance requirements such as retail, finance, and healthcare e-commerce. Although no direct integrity or availability impact is noted, the confidentiality breach alone is significant given the potential for chained attacks.

European organizations should immediately verify the version of the Mailjet module installed on their PrestaShop platforms and upgrade to version 3.5.1 or later, where the vulnerability is fixed. If immediate upgrade is not feasible, implement access controls at the web server or application firewall level to restrict unauthenticated access to endpoints exposing technical information. Conduct thorough audits of exposed data to identify any leaked credentials or sensitive configuration details and rotate any compromised secrets. Enable detailed logging and monitoring to detect unusual access patterns indicative of exploitation attempts. Additionally, review and harden the overall PrestaShop installation by disabling unnecessary modules and enforcing the principle of least privilege for all components. Regular vulnerability scanning and penetration testing focused on third-party modules like Mailjet should be incorporated into security operations. Finally, maintain awareness of vendor advisories for any subsequent patches or mitigation guidance.