CVE-2024-24825: Exposure of Sensitive Information to an Unauthorized Actor

February 8, 2024

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

github.com/DIRACGrid/DIRAC/commit/9487921684e2925b4cf72d6c423718cf4950f3fe
github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c
github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j
github.com/advisories/GHSA-59qj-jcjv-662j

Detect and mitigate CVE-2024-24825 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →