CVE-2024-57436
Published: 29 January 2025
Description
Adversaries may forge web cookies that can be used to gain access to web applications or Internet services.
Security Summary
CVE-2024-57436 affects RuoYi version 4.8.0. Classified under CWE-922 (Insecure Storage of Sensitive Information), the vulnerability exposes the admin session ID through the system monitoring interface. Unauthorized attackers who can view this sensitive information are able to craft a cookie that impersonates Admin users. The issue received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low attack complexity but a requirement for high privileges.
Attackers with high privileges can exploit this over the network without user interaction to achieve high impacts on confidentiality, integrity, and availability. By accessing the system monitoring feature, they obtain the admin session ID and construct a malicious cookie, allowing full impersonation of Admin accounts and potential takeover of administrative functions.
Advisories referenced in the CVE include detailed write-ups on GitHub at https://github.com/peccc/restful_vul/blob/main/ruoyi_elevation_of_privileges/ruoyi_elevation_of_privileges.md, the official RuoYi repository at https://github.com/yangzongzhuan/RuoYi, and the project site at https://ruoyi.vip/. No specific patch or mitigation steps are detailed in the provided CVE information.
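The defensive pattern implied by the summary, as an added illustration that is not RuoYi's code: a monitoring view that returns the raw session ID (the CWE-922 condition described above) beside a hardened view that returns only a keyed, truncated handle, plus a server-side resolver so operators can still act on a session and a regression check that fails whenever a live token appears in rendered output. The session store, display key and function names are constructed assumptions.

```python
import hmac
import hashlib

# Constructed sample session store: session ID -> login name (not RuoYi data).
SESSIONS = {
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6": "admin",
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0": "ry",
}

# Hypothetical server-side secret used only to derive display handles;
# a real deployment would generate this per installation and keep it out of source.
DISPLAY_KEY = b"replace-with-per-deployment-secret"


def online_users_leaky(sessions):
    """Monitoring view that emits the raw session ID: the exposure pattern behind CVE-2024-57436."""
    return [{"sessionId": sid, "loginName": user} for sid, user in sessions.items()]


def display_handle(session_id, key=DISPLAY_KEY):
    """Opaque per-session handle: keyed HMAC-SHA256 of the session ID, truncated to 16 hex chars.
    Operators can refer to a session (e.g. to force a logout) without the cookie value leaving the server."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()[:16]


def online_users_safe(sessions):
    """Hardened view: same operational information, no replayable token."""
    return [{"sessionRef": display_handle(sid), "loginName": user} for sid, user in sessions.items()]


def resolve_handle(handle, sessions, key=DISPLAY_KEY):
    """Server-side mapping from a display handle back to the real session ID (for force-logout)."""
    for sid in sessions:
        if hmac.compare_digest(display_handle(sid, key), handle):
            return sid
    return None


def leaks_session_token(rendered, sessions):
    """Regression check for the monitoring endpoint: True if any live session ID appears in the response."""
    return any(sid in rendered for sid in sessions)
```

Running `leaks_session_token` against the serialized monitoring response in a test suite catches a reintroduction of the raw-ID exposure before it ships.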
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes the admin session ID in the system monitoring interface, allowing unauthorized attackers to steal web session cookies (T1539), forge web credentials with crafted cookies (T1606.001), and use the stolen web session cookies as alternate authentication material (T1550.004) for admin impersonation.