ByteOS Network

NVD Vulnerability Details :

CVE-2024-1144

Analyzed

Source-cve-coordination@incibe.es

Published At-19 Mar, 2024 | 12:15

Updated At-15 Oct, 2025 | 18:04

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CPE Matches

alma>>alma_blog>>Versions up to 2.1.10(inclusive)

cpe:2.3:a:alma:alma_blog:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-284	Secondary	cve-coordination@incibe.es

CWE ID: CWE-284

Type: Secondary

Source: cve-coordination@incibe.es

References

Hyperlink	Source	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog	cve-coordination@incibe.es	Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog

Source: cve-coordination@incibe.es

Resource:

Third Party Advisory

Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History