Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj

Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID

Impact

An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.

Patches

Update to 2.13.0 or later

Workarounds

None

For more information

If you have any questions or comments about this advisory:

• Email us at [email protected]

Permalink: https://github.com/advisories/GHSA-vfxj-qg93-7wwc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: 8 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-vfxj-qg93-7wwc, CVE-2018-10189
References:

• https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
• https://nvd.nist.gov/vuln/detail/CVE-2018-10189
• https://github.com/mautic/mautic/releases/tag/2.13.0
• https://github.com/advisories/GHSA-vfxj-qg93-7wwc

Repository: https://github.com/mautic/mautic
Blast Radius: 3.6

Affected Packages