PT-2024-20591 · Dirac · Dirac

Aldbr +2 · Published 2024-02-08 · Updated 2024-02-16 · CVE-2024-24825

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
DIRAC versions prior to 8.0.37

Description
DIRAC is a distributed resource framework. In affected versions, any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties.

Recommendations
For versions prior to 8.0.37, upgrade to release version 8.0.37 to address the issue. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting access to token requests until the upgrade is applied.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-24825
GHSA-59QJ-JCJV-662J
PYSEC-2024-125

Affected Products

Dirac