CVE-2024-1144 Vulnerability Details

  /     /     /  

CVE-2024-1144 Metadata Quick Info

CVE Published: 19/03/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: INCIBE | Vendor: Devklan | Product: Alma Blog
Status : PUBLISHED

CVE-2024-1144 Description

Improper access control vulnerability in Devklan\'s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application\'s functionalities without the need for credentials.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284 Improper Access Control
Source: Devklan

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-551
CAPEC Description: CAPEC-551 Modify Existing Service


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-1144 Vulnerability Details