CVE-2024-24825: DIRAC's TokenManager does not check permissions on cached tokens
(updated )
Any user could get a token that has been requested by another user/agent
References
- github.com/DIRACGrid/DIRAC
- github.com/DIRACGrid/DIRAC/commit/9487921684e2925b4cf72d6c423718cf4950f3fe
- github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c
- github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j
- github.com/advisories/GHSA-59qj-jcjv-662j
- github.com/pypa/advisory-database/tree/main/vulns/dirac/PYSEC-2024-125.yaml
- nvd.nist.gov/vuln/detail/CVE-2024-24825
Code Behaviors & Features
Detect and mitigate CVE-2024-24825 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →