High severityNVD Advisory· Published Jan 29, 2025· Updated Jan 29, 2025

CVE-2024-57436

Description

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.ruoyi:ruoyiMaven	<= 4.8.0	—

Affected products

Ruoyi/Ruoyicpe-rescue
ghsa-coords
pkg:maven/com.ruoyi/ruoyi
Range: <= 4.8.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-v664-qgx9-wf79ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-57436ghsaADVISORY
github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoyi_elevation_of_privileges.mdghsaWEB
ruoyi.vipghsaWEB
ruoyi.vipmitre

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000