CVE-2024-57436

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-57436

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57436.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-57436

Aliases

GHSA-v664-qgx9-wf79

Published

2025-01-29T15:15:17.073Z

Modified

2026-04-10T05:18:58.059996Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type

GIT

Repo

https://github.com/yangzongzhuan/ruoyi

Events

Introduced

Last affected

e9e07188956043bd19cf688f355b2e1841e04b74

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.8.0"
        }
    ]
}

Affected versions

v2.*

v2.2

v2.3

v2.4

v3.*

v3.1

v3.2

v3.3

v3.4

v4.*

v4.0

v4.1

v4.2

v4.3

v4.3.1

v4.4

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7

v4.7.8

v4.7.9

v4.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57436.json"