GHSA-v664-qgx9-wf79

Source
https://github.com/advisories/GHSA-v664-qgx9-wf79
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-v664-qgx9-wf79/GHSA-v664-qgx9-wf79.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v664-qgx9-wf79
Published
2025-01-29T15:31:35Z
Modified
2025-01-29T19:27:06.089061Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • 7.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Summary
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
Details

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users by using a crafted cookie.

Database specific
{
    "cwe_ids": [
        "CWE-200",
        "CWE-922"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2025-01-29T15:15:17Z",
    "github_reviewed_at": "2025-01-29T19:20:31Z",
    "github_reviewed": true
}
Affected packages

Maven / com.ruoyi:ruoyi

Package

Name
com.ruoyi:ruoyi
Purl
pkg:maven/com.ruoyi/ruoyi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
4.8.0