What the vulnerability does
Description
Missing Authorization vulnerability in EdwardBock Cron Logger (cron-logger) allows exploiting incorrectly configured access control security levels. This issue affects Cron Logger: from n/a through <= 1.3.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Explanation of Vulnerability in Simple Terms
Cron Logger versions 1.3.0 and earlier lack proper authorization checks, allowing authenticated users with low privileges to disrupt the application's availability. An attacker with a valid account can trigger denial-of-service conditions without requiring special interaction. The vulnerability affects the cron logging functionality and does not expose sensitive data or allow code execution.
What an attacker can do
Disrupt the application's availability by triggering denial-of-service conditions.
Potential impact on your site
Authenticated users can cause service disruptions; no data breach or code execution risk.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the system.