9.8
CVE-2026-24124
- EPSS 0.11%
- Published 22.01.2026 22:20:20
- Last modified 26.02.2026 21:42:54
- Source security-advisories@github.com
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with access to the Manager API to view, update and delete jobs. The issue is fixed in version 2.4.1-rc.1.
Data provided by the National Vulnerability Database (NVD)
Linuxfoundation ≫ Dragonfly, SwPlatform: go, Version: < 2.4.1
Linuxfoundation ≫ Dragonfly, Version: 2.4.1, Update: beta0, SwPlatform: go
Linuxfoundation ≫ Dragonfly, Version: 2.4.1, Update: beta1, SwPlatform: go
Linuxfoundation ≫ Dragonfly, Version: 2.4.1, Update: rc0, SwPlatform: go
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.291 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security-advisories@github.com | 8.9 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.