Lucene search

[email protected]CVE-2024-24552

HistoryJun 24, 2024 - 7:15 a.m.

CVE-2024-24552

2024-06-2407:15:14

CWE-384

[email protected]

web.nvd.nist.gov

session fixation

bludit

authentication bypass

5.6 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A session fixation vulnerability in Bludit allows an attacker to bypass the server’s authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

5.6 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-24552

vulnrichment1 nvd1 cvelist1