What is CVE-2018-10189?

CVE-2018-10189 is a vulnerability in the Mautic software version 2.x before 2.13.0 that allows a third party to manipulate tracking cookies and assume being tracked.

What is the impact of CVE-2018-10189?

The impact of CVE-2018-10189 is that a third party can systematically emulate tracking cookies per contact and manipulate the cookie value.

How can the vulnerability CVE-2018-10189 be exploited?

The vulnerability CVE-2018-10189 can be exploited by manipulating the cookie value with +1 to assume being tracked.

How can I fix the vulnerability CVE-2018-10189?

To fix the vulnerability CVE-2018-10189, you need to update Mautic to version 2.13.0 or later.

Where can I find more information about CVE-2018-10189?

You can find more information about CVE-2018-10189 on the GitHub security advisory page and the NIST National Vulnerability Database.

Vulnerability/
CVE-2018-10189

high

7.5

CWE

200

17/4/2018

19/1/2021

17/9/2024

CVE-2018-10189: Infoleak

First published: Tue Apr 17 2018(Updated: )

### Impact An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. ### Patches Update to 2.13.0 or later ### Workarounds None ### For more information If you have any questions or comments about this advisory: * Email us at [security@mautic.org](mailto:security@mautic.org)

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mautic Mautic	>=1.0.0<=1.4.1
Mautic Mautic	>=2.0.0<2.13.0

Never miss a vulnerability like this again

Reference Links

https://github.com/mautic/mautic/releases/tag/2.13.0

Frequently Asked Questions

What is CVE-2018-10189?
CVE-2018-10189 is a vulnerability in the Mautic software version 2.x before 2.13.0 that allows a third party to manipulate tracking cookies and assume being tracked.
What is the impact of CVE-2018-10189?
The impact of CVE-2018-10189 is that a third party can systematically emulate tracking cookies per contact and manipulate the cookie value.
How can the vulnerability CVE-2018-10189 be exploited?
The vulnerability CVE-2018-10189 can be exploited by manipulating the cookie value with +1 to assume being tracked.
How can I fix the vulnerability CVE-2018-10189?
To fix the vulnerability CVE-2018-10189, you need to update Mautic to version 2.13.0 or later.
Where can I find more information about CVE-2018-10189?
You can find more information about CVE-2018-10189 on the GitHub security advisory page and the NIST National Vulnerability Database.

collector/github-advisory-latest
alias/GHSA-vfxj-qg93-7wwc
alias/CVE-2018-10189
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/references
agent/softwarecombine
agent/weakness
agent/severity
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/trending
package-manager/composer
vendor/mautic
canonical/mautic mautic
version/mautic mautic/1.0.0
version/mautic mautic/1.4.1
version/mautic mautic/2.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.