{"id":"PYSEC-2024-125","details":"DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.","aliases":["CVE-2024-24825","GHSA-59qj-jcjv-662j"],"modified":"2024-11-21T14:57:21.293226Z","published":"2024-02-09T00:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j"},{"type":"FIX","url":"https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c"}],"affected":[{"package":{"name":"dirac","ecosystem":"PyPI","purl":"pkg:pypi/dirac"},"ranges":[{"type":"GIT","repo":"https://github.com/DIRACGrid/DIRAC","events":[{"introduced":"0"},{"fixed":"f9ddab755b9a69acb85e14d2db851d8ac0c9648c"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.37"}]}],"versions":["7.2.0","7.2.0a32","7.2.0a33","7.2.0a34","7.2.0a35","7.2.0a36","7.2.0a38","7.2.0a39","7.2.1","7.2.10","7.2.12","7.2.13","7.2.14","7.2.15","7.2.16","7.2.19","7.2.2","7.2.20","7.2.21","7.2.22","7.2.23","7.2.24","7.2.25","7.2.26","7.2.27","7.2.28","7.2.3","7.2.30","7.2.31","7.2.32","7.2.33","7.2.34","7.2.35","7.2.36","7.2.37","7.2.38","7.2.39","7.2.4","7.2.40","7.2.41","7.2.42","7.2.43","7.2.44","7.2.45","7.2.46","7.2.47","7.2.48","7.2.49","7.2.5","7.2.50","7.2.51","7.2.52","7.2.6","7.2.7","7.2.8","7.2.9","7.2a29","7.3.0a10","7.3.0a11","7.3.0a13","7.3.0a14","7.3.0a15","7.3.0a16","7.3.0a17","7.3.0a18","7.3.0a19","7.3.0a2","7.3.0a20","7.3.0a21","7.3.0a22","7.3.0a23","7.3.0a24","7.3.0a3","7.3.0a4","7.3.0a5","7.3.0a6","7.3.0a7","7.3.0a8","7.3.0a9","7.3.1","7.3.10","7.3.11","7.3.12","7.3.13","7.3.14","7.3.15","7.3.16","7.3.17","7.3.18","7.3.19","7.3.2","7.3.20","7.3.21","7.3.22","7.3.23","7.3.24","7.3.26","7.3.27","7.3.28","7.3.29","7.3.3","7.3.30","7.3.31","7.3.32","7.3.33","7.3.34","7.3.35","7.3.36","7.3.37","7.3.38","7.3.4","7.3.5","7.3.6","7.3.7","7.3.8","7.3.9","7.4.0a1","8.0.0","8.0.0a1","8.0.0a10","8.0.0a11","8.0.0a12","8.0.0a13","8.0.0a14","8.0.0a15","8.0.0a16","8.0.0a17","8.0.0a18","8.0.0a19","8.0.0a20","8.0.0a21","8.0.0a22","8.0.0a23","8.0.0a24","8.0.0a25","8.0.0a26","8.0.0a27","8.0.0a28","8.0.0a29","8.0.0a5","8.0.0a6","8.0.0a7","8.0.0a8","8.0.0a9","8.0.1","8.0.10","8.0.11","8.0.12","8.0.13","8.0.14","8.0.15","8.0.16","8.0.17","8.0.18","8.0.19","8.0.2","8.0.20","8.0.21","8.0.22","8.0.23","8.0.24","8.0.25","8.0.26","8.0.27","8.0.28","8.0.29","8.0.3","8.0.30","8.0.31","8.0.32","8.0.33","8.0.34","8.0.35","8.0.36","8.0.4","8.0.5","8.0.6","8.0.7","8.0.8","8.0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/dirac/PYSEC-2024-125.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}