exploitDog

GHSA-w9wh-97qp-xq2v

Published: 21 Nov 2023
Source: github
GitHub: Not reviewed
CVSS3: 9.1

Description

Dev blog v1.0 allows an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

EPSS

Percentile: 21%
0.0007
Low

9.1 Critical

CVSS3

Weaknesses

CWE-639

Related vulnerabilities

CVSS3: 9.1
nvd
about 2 years ago

Dev blog v1.0 allows an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
