CVE-2024-29905

Source
https://cve.org/CVERecord?id=CVE-2024-29905
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29905.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-29905
Aliases
Published
2024-04-09T16:49:48.158Z
Modified
2026-04-09T10:06:14.733770Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Summary
DIRAC: Unauthorized users can read proxy contents during generation
Details

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using dirac-proxy-init), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows such a user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the X509_USER_PROXY environment variable to a path inside a directory that is readable only by the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (/tmp/x509up_uNNNN).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29905.json",
    "cwe_ids": [
        "CWE-668"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/diracgrid/dirac

Affected ranges

Type
GIT
Repo
https://github.com/diracgrid/dirac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

7.*
7.2a28
7.2a29
Other
v6r0
v6r1
v6r10
v6r10p1
v6r10p10
v6r10p11
v6r10p2
v6r10p3
v6r10p4
v6r10p6
v6r10p7
v6r10p8
v6r10p9
v6r18
v6r18p1
v6r19
v6r1p1
v6r1p2
v6r20
v6r2p6
v6r2p7
v6r2p8
v6r2p9
v6r3
v6r3p1
v6r3p2
v6r3p3
v6r3p4
v6r3p5
v6r3p6
v6r3p7
v6r3p8
v6r4
v6r4-pre1
v6r4-pre2
v6r4-pre3
v6r4-pre4
v6r4p1
v6r4p2
v6r5
v6r5-pre1
v6r5-pre10
v6r5-pre11
v6r5-pre12
v6r5-pre13
v6r5-pre14
v6r5-pre15
v6r5-pre2
v6r5-pre3
v6r5-pre4
v6r5-pre5
v6r5-pre6
v6r5-pre7
v6r5-pre8
v6r5-pre9
v6r5p1
v6r6
v6r6-pre1
v6r6-pre10
v6r6-pre11
v6r6-pre12
v6r6-pre13
v6r6-pre14
v6r6-pre2
v6r6-pre3
v6r6-pre6
v6r6-pre7
v6r6-pre8
v6r6-pre9
v6r6p1
v6r6p2
v6r7
v6r7-pre1
v6r7-pre10
v6r7-pre11
v6r7-pre12
v6r7-pre2
v6r7-pre3
v6r7-pre4
v6r7-pre5
v6r7-pre6
v6r7-pre7
v6r7-pre8
v6r7-pre9
v6r7p1
v6r7p10
v6r7p11
v6r7p12
v6r7p13
v6r7p14
v6r7p15
v6r7p16
v6r7p17
v6r7p18
v6r7p19
v6r7p2
v6r7p20
v6r7p3
v6r7p4
v6r7p5
v6r7p6
v6r7p7
v6r7p8
v6r7p9
v6r8
v6r8p1
v6r8p10
v6r8p11
v6r8p13
v6r8p14
v6r8p2
v6r8p3
v6r8p5
v6r8p6
v6r8p7
v6r8p8
v6r8p9
v6r9
v6r9p1
v6r9p10
v6r9p11
v6r9p12
v6r9p13
v6r9p14
v6r9p2
v6r9p5
v6r9p6
v6r9p7
v6r9p8
v6r9p9
v7r2
v7r2-pre10
v7r2-pre11
v7r2-pre12
v7r2-pre13
v7r2-pre14
v7r2-pre15
v7r2-pre16
v7r2-pre17
v7r2-pre18
v7r2-pre19
v7r2-pre20
v7r2-pre21
v7r2-pre22
v7r2-pre23
v7r2-pre24
v7r2-pre25
v7r2-pre26
v7r2-pre27
v7r2-pre28
v7r2-pre29
v7r2-pre30
v7r2-pre31
v7r2-pre32
v7r2-pre33
v7r2-pre34
v7r2-pre35
v7r2-pre36
v7r2-pre37
v7r2-pre38
v7r2-pre39
v7r2-pre8
v7r2-pre9
v7r3
v7r3-pre1
v7r3-pre10
v7r3-pre11
v7r3-pre12
v7r3-pre13
v7r3-pre14
v7r3-pre15
v7r3-pre16
v7r3-pre17
v7r3-pre18
v7r3-pre19
v7r3-pre2
v7r3-pre20
v7r3-pre21
v7r3-pre22
v7r3-pre23
v7r3-pre24
v7r3-pre3
v7r3-pre4
v7r3-pre5
v7r3-pre6
v7r3-pre7
v7r3-pre8
v7r3-pre9
v7r3p1
v7r4-pre1
v8r0
v8r0-pre1
v8r0-pre2
v8r0-pre3
v8r0-pre4
v7.*
v7.2.0
v7.2.0a32
v7.2.0a33
v7.2.0a34
v7.2.0a35
v7.2.0a36
v7.2.0a37
v7.2.0a38
v7.2.0a39
v7.2a31
v7.3.0
v7.3.0a10
v7.3.0a11
v7.3.0a13
v7.3.0a14
v7.3.0a15
v7.3.0a16
v7.3.0a17
v7.3.0a18
v7.3.0a19
v7.3.0a2
v7.3.0a20
v7.3.0a21
v7.3.0a22
v7.3.0a23
v7.3.0a24
v7.3.0a3
v7.3.0a4
v7.3.0a5
v7.3.0a6
v7.3.0a7
v7.3.0a8
v7.3.0a9
v7.3.1
v7.4.0a1
v8.*
v8.0.0.a18
v8.0.0a10
v8.0.0a11
v8.0.0a12
v8.0.0a13
v8.0.0a14
v8.0.0a15
v8.0.0a16
v8.0.0a17
v8.0.0a19
v8.0.0a20
v8.0.0a21
v8.0.0a22
v8.0.0a23
v8.0.0a24
v8.0.0a25
v8.0.0a26
v8.0.0a27
v8.0.0a28
v8.0.0a29
v8.0.0a7
v8.0.0a8
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.16
v8.0.17
v8.0.18
v8.0.19
v8.0.2
v8.0.20
v8.0.21
v8.0.22
v8.0.23
v8.0.24
v8.0.25
v8.0.26
v8.0.27
v8.0.28
v8.0.29
v8.0.3
v8.0.30
v8.0.31
v8.0.32
v8.0.33
v8.0.34
v8.0.35
v8.0.36
v8.0.37
v8.0.38
v8.0.39
v8.0.4
v8.0.40
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29905.json"