How severe is CVE-2024-29905?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-29905?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2024-29905 - HIGH Severity | CVSS 8.1

Vulnerability Description

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millsecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).

Related Vulnerabilities

CVE-2018-1840

HIGH

CVSS:8.1(High)

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other th...

CWE-6682018

CVE-2019-16387

HIGH

CVSS:8.1(High)

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actio...

CWE-6682019

CVE-2020-25039

HIGH

CVSS:8.1(High)

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

CWE-6682020

CVE-2020-5386

HIGH

CVSS:8.1(High)

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running ser...

CWE-6682020

CVE-2022-22515

HIGH

CVSS:8.1(High)

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected ...

CWE-6682022

CVE-2022-23835

HIGH

CVSS:8.1(High)

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP c...

CWE-6682022