CVE-2023-6144

Summary

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

Affected Software

VendorProductVersion RangeStatus
Dev BlogDev Blog1.0affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

References