Headline
GHSA-59qj-jcjv-662j: DIRAC's TokenManager does not check permissions on cached tokens
Impact
Any user could get a token that has been requested by another user/agent
Patches
The vulnerability is fixed in version 8.0.37.
Workarounds
None
References
DIRAC’s TokenManager does not check permissions on cached tokens
Critical severity GitHub Reviewed Published Feb 8, 2024 in DIRACGrid/DIRAC • Updated Feb 8, 2024