RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
Metrics
Affected Vendors & Products
References
History
Wed, 14 May 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruoyi
Ruoyi ruoyi |
|
CPEs | cpe:2.3:a:ruoyi:ruoyi:4.8.0:*:*:*:*:*:*:* | |
Vendors & Products |
Ruoyi
Ruoyi ruoyi |
Wed, 29 Jan 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-922 | |
Metrics |
cvssV3_1
|
Wed, 29 Jan 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-01-29T00:00:00.000Z
Updated: 2025-01-29T16:50:11.458Z
Reserved: 2025-01-09T00:00:00.000Z
Link: CVE-2024-57436

Updated: 2025-01-29T16:45:12.793Z

Status : Analyzed
Published: 2025-01-29T15:15:17.073
Modified: 2025-05-14T18:26:10.557
Link: CVE-2024-57436

No data.