CVE-2024-57436

Published Jan 29, 2025

Last updated a month ago

CVSS high 7.2

Overview

Description
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-922

Social media

Hype score
Not currently trending

  1. CVE-2024-57436 Session ID Exposure Vulnerability in RuoYi v4.8.0 Enabling Admin Impersonation https://t.co/IoGnyZiN8b

    @VulmonFeeds

    29 Jan 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References