CVE-2024-24552

Bludit is Vulnerable to Session Fixation

Severity Score

5.6

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

Una vulnerabilidad de fijación de sesión en Bludit permite a un atacante eludir la autenticación del servidor si puede engañar a un administrador o cualquier otro usuario para que autorice una ID de sesión de su elección.

*Credits: Andreas Pfefferle, Redguard AG

CVSS Scores

Switzerland Government Common Vulnerability Programv4 5.6

Attack Vector

Network

Attack Complexity

High

Attack Requirements

Present

Privileges Required

High

User Interaction

Active

System

Vulnerable | Subsequent

Confidentiality

Low

None

Integrity

High

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-01-25 CVE Reserved
2024-06-24 CVE Published
2024-06-24 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-384: Session Fixation

CAPEC

CAPEC-61: Session Fixation
CAPEC-593: Session Hijacking

References (1)

URL	Tag	Source
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bludit Search vendor "Bludit"		Bludit Search vendor "Bludit" for product "Bludit"				0 Search vendor "Bludit" for product "Bludit" and version "0"		en		Affected