{"id":"CVE-2024-24552","details":"A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.","modified":"2026-04-10T05:09:49.999736Z","published":"2024-06-24T07:15:14.903Z","references":[{"type":"ADVISORY","url":"https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bludit/bludit","events":[{"introduced":"29b7d74ead855a36ad270bbfca055e27f3ff7916"},{"last_affected":"0a9c21a1e8f515181c6de9aa0500b9ff5a481093"}],"database_specific":{"versions":[{"introduced":"3.14.0"},{"last_affected":"3.15.0"}]}}],"versions":["3.14.0","3.14.0-test","3.14.1","3.15.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24552.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}