Lucene search

INCIBEVULNRICHMENT:CVE-2024-1144

HistoryMar 19, 2024 - 11:32 a.m.

CVE-2024-1144 Improper Access Control at Alma Devklan Blog

2024-03-1911:32:49

CWE-284

INCIBE

github.com

improper access control

alma devklan blog

vulnerability

unauthenticated user

application functionality access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper access control vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application’s functionalities without the need for credentials.

CNA Affected

[
  {
    "vendor": "Devklan",
    "product": "Alma Blog",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.1.10"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1144