GHSA-V6F3-GH5H-MQWX

Vulnerability from github – Published: 2024-04-09 15:52 – Updated: 2024-04-09 21:12
VLAI?
Summary
DIRAC: Unauthorized users can read proxy contents during generation
Details

Impact

During the proxy generation process (e.g., when using dirac-proxy-init) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

This vulnerability only exists for a short period of time (sub-millsecond) during the generation process.

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

Setting the X509_USER_PROXY environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (/tmp/x509up_uNNNN).

References

Severity ?
8.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "DIRAC"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.41"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-09T15:52:17Z",
    "nvd_published_at": "2024-04-09T17:16:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nDuring the proxy generation process (e.g., when using `dirac-proxy-init`) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.\n\nThis vulnerability only exists for a short period of time (sub-millsecond) during the generation process.\n\n### Patches\n\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n\nSetting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).\n\n### References\n\n",
  "id": "GHSA-v6f3-gh5h-mqwx",
  "modified": "2024-04-09T21:12:12Z",
  "published": "2024-04-09T15:52:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-v6f3-gh5h-mqwx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29905"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DIRACGrid/DIRAC/commit/1faa709341969a6321e29c843ca94039d33b2c3d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/DIRACGrid/DIRAC"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DIRAC: Unauthorized users can read proxy contents during generation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.