CVE-2024-57436

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-57436

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57436.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-57436

Aliases

GHSA-v664-qgx9-wf79

Published

2025-01-29T15:15:17Z

Modified

2025-07-01T16:08:26.153864Z

Summary

[none]

Details

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type: GIT
Repo: https://github.com/yangzongzhuan/ruoyi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e9e07188956043bd19cf688f355b2e1841e04b74

Affected versions

v2.*

v2.2

v2.3

v2.4

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v4.*

v4.0

v4.1

v4.2

v4.3

v4.3.1

v4.4

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7

v4.7.8

v4.7.9

v4.8.0