DIRACGrid is a distributed computing framework primarily used for scientific data processing and workload management across high-energy physics research environments. Historically, it has been susceptible to remote code execution vulnerabilities through insecure service interfaces, cross-site scripting flaws in web components, and privilege escalation weaknesses due to improper access controls. The platform's distributed nature introduces complex attack surfaces, with past incidents involving unauthorized access to compute resources and data exfiltration. While specific major incidents remain limited in public disclosure, the three documented CVEs highlight persistent security challenges in authentication mechanisms and inter-node communication protocols, necessitating rigorous hardening for production deployments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29905 | DIRAC: Unauthorized users can read proxy contents during generation — DIRAC, CWE-668 | 8.1 | High | 2024-04-09 |
| CVE-2024-24825 | TokenManager not checking permissions on cached tokens in DIRAC — DIRAC, CWE-200 | 9.1 | Critical | 2024-02-08 |

This page lists every published CVE security advisory associated with DIRACGrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.