CVE-2024-24825

Exposure of Sensitive Information to an Unauthorized Actor in pypi/DIRAC

Identifiers

GHSA-59qj-jcjv-662j, CVE-2024-24825

Package Slug

pypi/DIRAC

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Versions

All versions starting from 8.0.0 before 8.0.37

Solution

Upgrade to version 8.0.37 or above.

Last Modified

2024-02-09

source