Mend Vulnerability Database
Good to know:
Date: October 22, 2021
rucio-webui installations of the 1.26 release line potentially leak the contents of cookies to other sessions within a WSGI container. The impact is that Rucio authentication tokens are leaked to other users accessing the webui within a close timeframe, allowing those users to access the webui with the leaked authentication token. Privileges are therefore also escalated. The Rucio server and daemons are not affected by this issue; it is isolated to the webui. This issue is fixed in the 1.26.7 release of rucio-webui.
Weakness Type (CWE)
Improper Access Control (CWE-284)
Upgrade to rucio-webui version 1.26.7
|Metric|Value|
|---|---|
|Attack Vector (AV)|NETWORK|
|Attack Complexity (AC)|LOW|
|Privileges Required (PR)|NONE|
|User Interaction (UI)|REQUIRED|