CVE-2024-57436 – com.ruoyi:ruoyi

Package

Manager: maven
Name: com.ruoyi:ruoyi
Vulnerable Version: >=0 <=4.8.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

EPSS: 0.00159 pctl0.37333

Details

RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

Metadata

Created: 2025-01-29T15:31:35Z
Modified: 2025-01-29T19:20:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-v664-qgx9-wf79/GHSA-v664-qgx9-wf79.json
CWE IDs: ["CWE-200", "CWE-922"]
Alternative ID: GHSA-v664-qgx9-wf79
Finding: F038
Auto approve: 1