CVE-2023-6144

Dev Blog v1.0 - ATO

CVSS 9.1 CRITICAL · EPSS 0.4% · CWE-639
Vexday Risk Score
28 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1 · EPSS 0.4% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
20 Nov 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dev Blog v1.0 allows account takeover through the "user" cookie. An attacker can access any user's session just by knowing their username.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Dev Blog · Dev Blog
