CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/	Third Party Advisory
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*

History

02 Jan 2026, 20:20

Type	Values Removed	Values Added
References	~~() https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/ -~~	() https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/ - Third Party Advisory
First Time		Bludit Bludit bludit
CPE		cpe:2.3:a:bludit:bludit::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2

21 Nov 2024, 08:59

Type	Values Removed	Values Added
References	~~() https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/ -~~	() https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/ -

24 Jun 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Bludit utiliza métodos predecibles en combinación con el algoritmo hash MD5 para generar tokens confidenciales, como el token API y el token de usuario. Esto permite a los atacantes autenticarse en la API de Bludit.

24 Jun 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-24 08:15

Updated : 2026-01-02 20:20

NVD link : CVE-2024-24554

Mitre link : CVE-2024-24554

CVE.ORG link : CVE-2024-24554

JSON object : View

Products Affected

bludit

bludit

CWE

CWE-287

Improper Authentication

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

{"id": "CVE-2024-24554", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-06-24T08:15:09.130", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "tags": ["Third Party Advisory"], "source": "vulnerability@ncsc.ch"}, {"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API."}, {"lang": "es", "value": "Bludit utiliza m\u00e9todos predecibles en combinaci\u00f3n con el algoritmo hash MD5 para generar tokens confidenciales, como el token API y el token de usuario. Esto permite a los atacantes autenticarse en la API de Bludit."}], "lastModified": "2026-01-02T20:20:41.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3B53AB2-9197-4BD3-B422-6EE7A962C005", "versionEndIncluding": "3.15.0", "versionStartIncluding": "3.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerability@ncsc.ch"}