CVE-2023-6144: Dev Blog v1.0 - ATO
First published: Mon Nov 20 2023(Updated: )
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Armanidrisi Dev Blog | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of Dev Blog v1.0 - ATO?
The vulnerability ID of Dev Blog v1.0 - ATO is CVE-2023-6144.
What is the severity of CVE-2023-6144?
The severity of CVE-2023-6144 is critical with a score of 9.1.
How does the Dev Blog v1.0 - ATO vulnerability work?
The Dev Blog v1.0 - ATO vulnerability allows an attacker to exploit an account takeover through the "user" cookie, providing access to any user's session by knowing their username.
What software versions are affected by CVE-2023-6144?
CVE-2023-6144 affects Armanidrisi Dev Blog version 1.0.
How can I fix the Dev Blog v1.0 - ATO vulnerability?
To fix the Dev Blog v1.0 - ATO vulnerability, it is recommended to update to a patched version of the software provided by the vendor.
- collector/mitre-cve
- collector/nvd-api
- agent/author
- agent/description
- agent/epss
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/epss-latest
- source/FIRST
- vendor/armanidrisi
- canonical/armanidrisi dev blog
- version/armanidrisi dev blog/1.0