{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-1144","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2024-02-01T08:38:59.529Z","datePublished":"2024-03-19T11:32:49.261Z","dateUpdated":"2024-08-01T18:26:30.513Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Alma Blog","vendor":"Devklan","versions":[{"lessThanOrEqual":"2.1.10","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"David Utón Amaya"}],"datePublic":"2024-03-19T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials."}],"value":"Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials."}],"impacts":[{"capecId":"CAPEC-551","descriptions":[{"lang":"en","value":"CAPEC-551 Modify Existing Service"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2024-03-19T11:32:49.261Z"},"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade Alma Blog to version 2.2."}],"value":"Upgrade Alma Blog to version 2.2."}],"source":{"discovery":"EXTERNAL"},"title":"Improper Access Control at Alma Devklan Blog","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-1144","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-21T15:59:04.966952Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:59:24.803Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:26:30.513Z"},"title":"CVE Program Container","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog","tags":["x_transferred"]}]}]}}