CVE-2024-29905: DIRAC: Unauthorized users can read proxy contents during generation

April 9, 2024

During the proxy generation process (e.g., when using dirac-proxy-init) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

This vulnerability only exists for a short period of time (sub-millsecond) during the generation process.

References

github.com/DIRACGrid/DIRAC
github.com/DIRACGrid/DIRAC/commit/1faa709341969a6321e29c843ca94039d33b2c3d
github.com/DIRACGrid/DIRAC/security/advisories/GHSA-v6f3-gh5h-mqwx
github.com/advisories/GHSA-v6f3-gh5h-mqwx
nvd.nist.gov/vuln/detail/CVE-2024-29905

Detect and mitigate CVE-2024-29905 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →