CVE-2024-24825
TokenManager not checking permissions on cached tokens in DIRAC
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
DIRACGrid · DIRACQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →