CVE-2024-24554

HIGH

Bludit - Auth Bypass

Title source: llm

Description

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

References (1)

[Third Party Advisory] https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Scores

CVSS v3 8.2

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287 CWE-338

Status published

Products (1)

bludit/bludit 3.14.0 - 3.15.0

Published Jun 24, 2024

Tracked Since Feb 18, 2026