CVE-2024-24552

June 24, 2024, 12:57 p.m.

None
No Score

Description

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

Product(s) Impacted

Product Versions
Bludit
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Tags

CWE-384
2024-06-24
vulnerability@ncsc.ch
CVE-2024-24552

Timeline

Published: June 24, 2024, 7:15 a.m.
Last Modified: June 24, 2024, 12:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vulnerability@ncsc.ch

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.