GHSA-v664-qgx9-wf79

Source

https://github.com/advisories/GHSA-v664-qgx9-wf79

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-v664-qgx9-wf79/GHSA-v664-qgx9-wf79.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v664-qgx9-wf79

Aliases

CVE-2024-57436

Published

2025-01-29T15:31:35Z

Modified

2025-01-29T19:27:06.089061Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
7.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring

Details

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

Database specific

{
    "nvd_published_at": "2025-01-29T15:15:17Z",
    "github_reviewed_at": "2025-01-29T19:20:31Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-200",
        "CWE-922"
    ]
}

References

Affected packages

Maven / com.ruoyi:ruoyi

Package

Name: com.ruoyi:ruoyi; View open source insights on deps.dev
Purl: pkg:maven/com.ruoyi/ruoyi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.8.0