CVE-2024-1144 MEDIUM

CVE-2024-1144: Improper Access Control at Alma Devklan Blog

Vendor Devklan
Product Alma Blog
Weakness CWE-284
Published March 19, 2024
Last update August 1, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.

Key dates

02Disclosure timeline

March 19, 2024 CVE published
August 1, 2024 Record updated