CVE-2018-10189: Information Exposure

April 17, 2018 (updated May 23, 2018)

An issue was discovered in Mautic It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.

References

nvd.nist.gov/vuln/detail/CVE-2018-10189

Code Behaviors & Features

Detect and mitigate CVE-2018-10189 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →