What the vulnerability does
01Description
Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a through < 1.6.1.
Explanation of Vulnerability in Simple Terms
02Summary
Unlimited Timeline versions 1.6.1 and earlier lack proper authorization checks, allowing unauthenticated attackers to read sensitive data over the network. The vulnerability requires no user interaction and affects confidentiality but not integrity or availability. Administrators should update to a version newer than 1.6.1 as soon as a patch is available.
What an attacker can do
03Attacker Capabilities
Read sensitive data from the application without authentication.
Potential impact on your site
04Site Impact
Sensitive information may be exposed to anyone on the internet without requiring a login.
Conditions required to exploit
05Prerequisites
Network access to the affected application; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 15, 2025
CVE published
April 29, 2026
Record updated