4 matches found
PYSEC-2024-125
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
Design/Logic Flaw
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
CVE-2024-24825
DIRAC’s TokenManager vulnerability (CVE-2024-24825) affects DIRAC before version 8.0.37, allowing any user to obtain a token requested by another user/agent and potentially expose resources. The issue is fixed in 8.0.37; upg rade to that release. Other sources (GitHub advisory GHSA-59qj-jcjv-662j...
DIRAC's TokenManager does not check permissions on cached tokens
Any user could get a token that has been requested by another user/agent...