TokenManager not checking permissions on cached tokens

Critical
chrisburr published GHSA-59qj-jcjv-662j Feb 8, 2024

Package

DIRAC (pip)

Affected versions

>=8.0.0,<8.0.37

Patched versions

8.0.37

Description

Impact

Any user could get a token that has been requested by another user/agent.
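The bug class named in the title, shown as an added illustration that is not DIRAC's TokenManager code: a cache lookup that returns a hit without authorizing the caller, beside a lookup that checks the caller on every request. The class, method and identity names, the `delegates` allow-list and the token values are all hypothetical and constructed for this example.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class CachedToken:
    owner: str         # identity the token was issued for
    group: str
    value: str         # constructed placeholder, not a real token
    expires_at: float  # UNIX timestamp


class TokenCache:
    """Hypothetical service-side token cache (assumption, not DIRAC's design)."""

    def __init__(self, delegates=frozenset()):
        self._store = {}             # (owner, group) -> CachedToken
        self._delegates = delegates  # callers allowed to read others' tokens

    def put(self, token):
        self._store[(token.owner, token.group)] = token

    def get_unchecked(self, caller, owner, group):
        # Vulnerable shape: `caller` is never compared with the token's
        # owner, so a cache hit is handed to whoever asks for it.
        return self._store.get((owner, group))

    def get_checked(self, caller, owner, group, now=None):
        # Hardened shape: authorize before touching the cache, so a hit
        # and a miss go through the same permission check.
        if caller != owner and caller not in self._delegates:
            raise PermissionError(f"{caller} may not read tokens of {owner}")
        now = time.time() if now is None else now
        token = self._store.get((owner, group))
        if token is None or token.expires_at <= now:
            self._store.pop((owner, group), None)  # drop expired entries
            return None
        return token


def demo():
    cache = TokenCache(delegates=frozenset({"pilot-agent"}))
    cache.put(CachedToken("alice", "prod", "tok-alice-constructed", time.time() + 600))
    leaked = cache.get_unchecked("mallory", "alice", "prod")
    try:
        cache.get_checked("mallory", "alice", "prod")
        blocked = False
    except PermissionError:
        blocked = True
    return leaked.value, blocked
```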

Patches

The problem is patched in DIRAC 8.0.37. Users on affected versions (>=8.0.0,<8.0.37) should upgrade to it.

Workarounds

None

References

Severity

Critical

CVE ID

CVE-2024-24825

Weaknesses

No CWEs