CVE-2023-6144

Sažetak

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

Reference

https://fluidattacks.com/advisories/almighty/
https://github.com/Armanidrisi/devblog/

CVSS

Base:	4.8
Impact:	2.5
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

29-11-2023 - 17:21

Objavljeno

21-11-2023 - 00:15