CVE-2024-57436 — HIGH (7.2)

Vulnerability Description

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ruoyi	Ruoyi	4.8.0

Related Weaknesses (CWE)

CWE-922

References

https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoExploitThird Party Advisory
https://github.com/yangzongzhuan/RuoYiProduct
https://ruoyi.vip/Product
https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoExploitThird Party Advisory

FAQ

What is CVE-2024-57436?

CVE-2024-57436 is a vulnerability with a CVSS score of 7.2 (HIGH). RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted ...

How severe is CVE-2024-57436?

CVE-2024-57436 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-57436?

Check the references section above for vendor advisories and patch information. Affected products include: Ruoyi Ruoyi.