
CVE-2024-24304: n/a in n/a

High
Published: Wed Feb 07 2024 (02/07/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before version 3.5.1, a guest can download technical information without restriction.

AI-Powered Analysis

Last updated: 07/10/2025, 21:47:58 UTC

Technical Analysis

CVE-2024-24304 is a high-severity information disclosure vulnerability affecting the Mailjet module for the PrestaShop e-commerce platform prior to version 3.5.1. The vulnerability allows an unauthenticated guest user to download technical information without any access restriction. This flaw is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It arises because the Mailjet module exposes internal technical data to unauthenticated requests; depending on the deployment, that data could include configuration details, API keys, or other operational information that an attacker could use to plan further attacks. The CVSS v3.1 score of 7.5 reflects the ease of exploitation (network accessible, no privileges or user interaction required) and the high impact on confidentiality; integrity and availability are unaffected. Because the module is widely used for email marketing and transactional email in PrestaShop stores, the flaw poses a significant risk to e-commerce sites relying on this integration. No exploitation in the wild has been reported, but a flaw that requires neither authentication nor user interaction is a prime candidate for automated scanning once publicly known. The record provides no patch link; the issue is resolved in version 3.5.1, so affected sites should update to that version or later without delay.

Potential Impact

For European organizations operating e-commerce platforms using PrestaShop with the Mailjet module, this vulnerability could lead to unauthorized disclosure of sensitive technical information. Such exposure can facilitate targeted attacks including credential theft, phishing, or further compromise of the e-commerce infrastructure. Confidential customer data might be indirectly at risk if attackers use the disclosed information to escalate privileges or reach backend systems. The consequences can include reputational damage, regulatory penalties under GDPR for inadequate data protection, and financial losses due to fraud or downtime. Small and medium enterprises (SMEs), which use PrestaShop extensively in Europe, may be particularly exposed because of limited cybersecurity resources. The impact is heightened in sectors with stringent compliance requirements such as retail, finance, and healthcare e-commerce. Although no direct integrity or availability impact is noted, the confidentiality breach alone is significant given the potential for chained attacks.

Mitigation Recommendations

European organizations should immediately verify the version of the Mailjet module installed on their PrestaShop platforms and upgrade to version 3.5.1 or later, where the vulnerability is fixed. If an immediate upgrade is not feasible, implement access controls at the web server or web application firewall level to restrict unauthenticated access to the module's endpoints that expose technical information. Audit what the module exposed to identify any leaked credentials or sensitive configuration details, and rotate any secrets that may have been disclosed. Enable detailed logging and monitoring to detect unusual access patterns indicative of exploitation attempts, such as repeated unauthenticated requests to the module from a single source. Additionally, harden the overall PrestaShop installation by disabling unnecessary modules and enforcing the principle of least privilege for all components. Incorporate regular vulnerability scanning and penetration testing of third-party modules such as Mailjet into security operations. Finally, monitor vendor advisories for any subsequent patches or mitigation guidance.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-01-25T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f5c1b0bd07c3938d4a6

Added to database: 6/10/2025, 6:54:20 PM

Last enriched: 7/10/2025, 9:47:58 PM

Last updated: 8/15/2025, 8:09:12 AM
