CVE-2024-24554

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24554

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24554.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24554

Published

2024-06-24T08:15:09.130Z

Modified

2026-04-10T05:09:50.216204Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator

Summary

[none]

Details

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

References

https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Affected packages

Git / github.com/bludit/bludit

Affected ranges

Type

GIT

Repo

https://github.com/bludit/bludit

Events

Introduced

29b7d74ead855a36ad270bbfca055e27f3ff7916

Last affected

0a9c21a1e8f515181c6de9aa0500b9ff5a481093

Database specific

{
    "versions": [
        {
            "introduced": "3.14.0"
        },
        {
            "last_affected": "3.15.0"
        }
    ]
}

Affected versions

3.*

3.14.0

3.14.0-test

3.14.1

3.15.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24554.json"