Описание
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.0.37 (исключая)
cpe:2.3:a:diracgrid:dirac:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00121
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.1
github
почти 2 года назад
DIRAC's TokenManager does not check permissions on cached tokens
EPSS
Процентиль: 32%
0.00121
Низкий
9.1 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-200