Lucene search

DIRAC's TokenManager does not check permissions on cached tokens

🗓️ 08 Feb 2024 00:00:00Reported by https://gitlab.com/gitlab-org/security-products/gemnasium-dbType

Unauthorized access risk in DIRAC v8.0.37

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	DIRAC's TokenManager does not check permissions on cached tokens	8 Feb 202415:32	–	osv
OSV	CVE-2024-24825	9 Feb 202400:15	–	osv
Prion	Design/Logic Flaw	9 Feb 202400:15	–	prion
Cvelist	CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC	8 Feb 202423:39	–	cvelist
Veracode	Improper Authorization	9 Feb 202408:42	–	veracode
CVE	CVE-2024-24825	9 Feb 202400:15	–	cve
NVD	CVE-2024-24825	9 Feb 202400:15	–	nvd
Github Security Blog	DIRAC's TokenManager does not check permissions on cached tokens	8 Feb 202415:32	–	github

Vulners

Node

pypi diracRange8.0.0≥

pypi diracRange<8.0.37

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-24825
github	www.github.com/advisories/GHSA-59qj-jcjv-662j
github	www.github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j
github	www.github.com/DIRACGrid/DIRAC/commit/9487921684e2925b4cf72d6c423718cf4950f3fe
github	www.github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c
github	www.github.com/DIRACGrid/DIRAC
github	www.github.com/pypa/advisory-database/tree/main/vulns/dirac/PYSEC-2024-125.yaml

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2024 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS37.5 - 9.1

EPSS0.00089