GSA_kwCzR0hTQS12NjY0LXFneDktd2Y3Oc4ABD6_

High CVSS: 7.8 EPSS: 0.00159% (0.3737 Percentile) EPSS:

Permalink JSON

RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring

Affected Packages	Affected Versions	Fixed Versions
maven:com.ruoyi:ruoyi	<= 4.8.0	No known fixed version

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-57436
https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoyi_elevation_of_privileges.md
https://github.com/yangzongzhuan/RuoYi
https://ruoyi.vip
https://github.com/advisories/GHSA-v664-qgx9-wf79

Identifiers

GHSA-v664-qgx9-wf79

CVE-2024-57436

Risk

Severity

High

CVSS

CVSS Score: 7.8

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

EPSS

EPSS Percentage: 0.00159

EPSS Percentile: 0.3737

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/peccc/restful_vul

Date and time

Published

7 months ago

Updated

7 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories