CVE-2024-24304 in Mailjet Module

Summary

by MITRE • 02/07/2024

In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction.


Analysis

by VulDB Data Team • 06/09/2025

CVE-2024-24304 affects the Mailjet module for PrestaShop in versions prior to 3.5.1. It is an access control weakness that lets unauthenticated users download technical information without restriction. The root cause is an insufficient authorization check in the module's file retrieval mechanism: the module serves the requested files without first verifying that the requester is authenticated.

The flaw lies in the module's handling of file download requests, where a guest user can retrieve restricted files without logging in. It is classified under CWE-284 (Improper Access Control), since the module fails to enforce an authorization check on this code path. An attacker can therefore bypass the normal access restrictions and obtain technical artifacts that may reveal system configuration, module internals, or other data that should not be exposed to unauthenticated users.

From an operational perspective, this vulnerability poses a real risk to PrestaShop stores running the affected Mailjet module. The downloadable information can reveal details of the underlying system, which may help an attacker identify further weaknesses in the e-commerce platform, the PrestaShop core, or other installed modules. The impact is therefore not limited to information disclosure: the disclosed data may serve as a stepping stone for privilege escalation or further exploitation attempts.

In ATT&CK terms the weakness maps to technique T1083, which covers file and directory discovery. Because no authentication is required, an adversary can carry out this reconnaissance step against an exposed store and use the results to plan subsequent phases of an attack. The flaw is particularly relevant to e-commerce environments, where customer data and business-critical information may be exposed through these technical artifacts. Organizations running affected versions should treat remediation as a priority.

The primary mitigation is to update the Mailjet module to version 3.5.1 or later, which adds the missing access control check. Administrators should also review their PrestaShop installation for other access control weaknesses in third-party modules. Additional defensive measures include a web application firewall in front of the store, monitoring for unusual download activity from unauthenticated clients, and regular security review of all third-party modules. More broadly, the case illustrates the value of keeping software components up to date and of enforcing consistent access control policies across every part of the system; network segmentation and privilege separation can further limit the impact of access control failures of this kind.

Reservation: 01/25/2024

Disclosure: 02/07/2024

Moderation: accepted

CPE: ready

EPSS: 0.00121

KEV: no

Activities: very low

Sources
