pysec-2024-125
Vulnerability from pysec
Published
2024-02-09 00:15
Modified
2024-11-21 14:22
Severity
Details
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "dirac", "purl": "pkg:pypi/dirac" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "f9ddab755b9a69acb85e14d2db851d8ac0c9648c" } ], "repo": "https://github.com/DIRACGrid/DIRAC", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "8.0.37" } ], "type": "ECOSYSTEM" } ], "versions": [ "7.2.0", "7.2.0a32", "7.2.0a33", "7.2.0a34", "7.2.0a35", "7.2.0a36", "7.2.0a38", "7.2.0a39", "7.2.1", "7.2.10", "7.2.12", "7.2.13", "7.2.14", "7.2.15", "7.2.16", "7.2.19", "7.2.2", "7.2.20", "7.2.21", "7.2.22", "7.2.23", "7.2.24", "7.2.25", "7.2.26", "7.2.27", "7.2.28", "7.2.3", "7.2.30", "7.2.31", "7.2.32", "7.2.33", "7.2.34", "7.2.35", "7.2.36", "7.2.37", "7.2.38", "7.2.39", "7.2.4", "7.2.40", "7.2.41", "7.2.42", "7.2.43", "7.2.44", "7.2.45", "7.2.46", "7.2.47", "7.2.48", "7.2.49", "7.2.5", "7.2.50", "7.2.51", "7.2.52", "7.2.6", "7.2.7", "7.2.8", "7.2.9", "7.2a29", "7.3.0a10", "7.3.0a11", "7.3.0a13", "7.3.0a14", "7.3.0a15", "7.3.0a16", "7.3.0a17", "7.3.0a18", "7.3.0a19", "7.3.0a2", "7.3.0a20", "7.3.0a21", "7.3.0a22", "7.3.0a23", "7.3.0a24", "7.3.0a3", "7.3.0a4", "7.3.0a5", "7.3.0a6", "7.3.0a7", "7.3.0a8", "7.3.0a9", "7.3.1", "7.3.10", "7.3.11", "7.3.12", "7.3.13", "7.3.14", "7.3.15", "7.3.16", "7.3.17", "7.3.18", "7.3.19", "7.3.2", "7.3.20", "7.3.21", "7.3.22", "7.3.23", "7.3.24", "7.3.26", "7.3.27", "7.3.28", "7.3.29", "7.3.3", "7.3.30", "7.3.31", "7.3.32", "7.3.33", "7.3.34", "7.3.35", "7.3.36", "7.3.37", "7.3.38", "7.3.4", "7.3.5", "7.3.6", "7.3.7", "7.3.8", "7.3.9", "7.4.0a1", "8.0.0", "8.0.0a1", "8.0.0a10", "8.0.0a11", "8.0.0a12", "8.0.0a13", "8.0.0a14", "8.0.0a15", "8.0.0a16", "8.0.0a17", "8.0.0a18", "8.0.0a19", "8.0.0a20", "8.0.0a21", "8.0.0a22", "8.0.0a23", "8.0.0a24", "8.0.0a25", "8.0.0a26", "8.0.0a27", "8.0.0a28", "8.0.0a29", "8.0.0a5", "8.0.0a6", "8.0.0a7", "8.0.0a8", "8.0.0a9", "8.0.1", "8.0.10", "8.0.11", "8.0.12", "8.0.13", "8.0.14", "8.0.15", "8.0.16", "8.0.17", "8.0.18", "8.0.19", 
"8.0.2", "8.0.20", "8.0.21", "8.0.22", "8.0.23", "8.0.24", "8.0.25", "8.0.26", "8.0.27", "8.0.28", "8.0.29", "8.0.3", "8.0.30", "8.0.31", "8.0.32", "8.0.33", "8.0.34", "8.0.35", "8.0.36", "8.0.4", "8.0.5", "8.0.6", "8.0.7", "8.0.8", "8.0.9" ] } ], "aliases": [ "CVE-2024-24825", "GHSA-59qj-jcjv-662j" ], "details": "DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "id": "PYSEC-2024-125", "modified": "2024-11-21T14:22:45.495938+00:00", "published": "2024-02-09T00:15:00+00:00", "references": [ { "type": "ADVISORY", "url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j" }, { "type": "FIX", "url": "https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.