CVE-2024-24552
June 24, 2024, 12:57 p.m.
Tags
Product(s) Impacted
Bludit
Description
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.
Weaknesses
CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
CWE ID: 384Date
Published: June 24, 2024, 7:15 a.m.
Last Modified: June 24, 2024, 12:57 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vulnerability@ncsc.ch
References
vulnerability@ncsc.ch