Lucene search

NCSC.chVULNRICHMENT:CVE-2024-24552

HistoryJun 24, 2024 - 7:09 a.m.

CVE-2024-24552 Bludit is Vulnerable to Session Fixation

2024-06-2407:09:18

CWE-384

NCSC.ch

github.com

bludit

session fixation

vulnerability

authentication bypass

cve-2024-24552

CVSS4

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A session fixation vulnerability in Bludit allows an attacker to bypass the server’s authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

CNA Affected

[
  {
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "product": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ],
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "packageName": "Bludit",
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*"
    ],
    "vendor": "bludit",
    "product": "bludit",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.15.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

CVSS4

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-24552