PT-2025-3443 · Ruoyi · Ruoyi
Published: 2025-01-29 · Updated: 2025-05-14
CVE-2024-57436
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RuoYi version 4.8.0
Description
The issue allows unauthorized attackers to view the admin's session ID in system monitoring, enabling them to impersonate admin users via a crafted cookie.
Recommendations
RuoYi version 4.8.0: Update the system to prevent session ID exposure and ensure proper cookie handling to mitigate admin impersonation risks.
Exploit
Fix
Information Disclosure
Insecure Storage of Sensitive Information
Affected Products
Ruoyi