CVE-2024-24825
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-24825
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24825.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-24825
- Aliases
- Published
- 2024-02-08T23:39:28Z
- Modified
- 2025-10-30T20:24:40.044502Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- TokenManager not checking permissions on cached tokens in DIRAC
- Details
-
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Git / github.com/diracgrid/dirac
Affected versions
v8.*
v8.0.0
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.16
v8.0.17
v8.0.18
v8.0.19
v8.0.2
v8.0.20
v8.0.21
v8.0.22
v8.0.23
v8.0.24
v8.0.25
v8.0.26
v8.0.27
v8.0.28
v8.0.29
v8.0.3
v8.0.30
v8.0.31
v8.0.32
v8.0.33
v8.0.34
v8.0.35
v8.0.36
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9