Lucene search

K
nvd[email protected]NVD:CVE-2023-6144
HistoryNov 21, 2023 - 12:15 a.m.

CVE-2023-6144

2023-11-2100:15:07
CWE-639
web.nvd.nist.gov
cve-2023-6144
account takeover
user cookie
session access

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

Dev blog v1.0 allows to exploit an account takeover through the “user” cookie. With this, an attacker can access any user’s session just by knowing their username.

Affected configurations

NVD
Node
armanidrisidev_blogMatch1.0

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

Related for NVD:CVE-2023-6144