Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID

🗓️ 19 Jan 2021 21:21:16Reported by GitHub Advisory DatabaseType

Mautic Sessions hijack risk due to tracking contacts by auto-incremented I

Reporter	Title	Published	Views	Family All 8
OpenVAS	Mautic <= 2.12 Information Disclosure Vulnerability	19 Apr 201800:00	–	openvas
Cvelist	CVE-2018-10189	17 Apr 201820:00	–	cvelist
NVD	CVE-2018-10189	17 Apr 201820:29	–	nvd
OSV	Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID	19 Jan 202121:16	–	osv
OSV	CVE-2018-10189	17 Apr 201820:29	–	osv
CVE	CVE-2018-10189	17 Apr 201820:29	–	cve
Veracode	Information DIsclosure	20 Jan 202118:06	–	veracode
Prion	Design/Logic Flaw	17 Apr 201820:29	–	prion

Vulners

Node

mautic coreRange<2.13.0

Source	Link
github	www.github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-10189
github	www.github.com/mautic/mautic/releases/tag/2.13.0
github	www.github.com/advisories/GHSA-vfxj-qg93-7wwc

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jan 2021 21:16Current

7.2High risk

Vulners AI Score7.2

CVSS25

CVSS37.5

EPSS0.00316

CWE-200