CVE-2024-57436

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57436
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57436.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57436
Aliases
Published
2025-01-29T15:15:17Z
Modified
2025-05-17T13:50:42.461109Z
Summary
[none]
Details

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type
GIT
Repo
https://github.com/yangzongzhuan/ruoyi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.2
v2.3
v2.4

v3.*

v3.0
v3.1
v3.2
v3.3
v3.4

v4.*

v4.0
v4.1
v4.2
v4.3
v4.3.1
v4.4
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.7.9
v4.8.0