GHSA-7XW9-549R-8JRC: SQL Injection and Improper Access Control in DIRAC PilotManager
Vulnerability ID: GHSA-7XW9-549R-8JRC
CVSS Score: 8.5
Published: 2026-07-13
The DIRAC PilotManager component contains combined security weaknesses: a SQL injection vulnerability (CWE-89) in the PilotAgentsDB database interaction layer, and an improper access control configuration (CWE-284) within the default authorization structure. A low-privilege authenticated attacker can bypass intended authorization checks to run administrative commands, manipulate grid job tracking records, and execute arbitrary SQL statements against the backend database.
TL;DR
An authenticated user with low privileges can perform blind SQL injection and unauthorized administrative tasks in the DIRAC framework due to unsanitized input formatting and overly permissive default access controls.
Technical Details
- CWE ID: CWE-89 (SQL Injection), CWE-284 (Improper Access Control)
- Attack Vector: Network
- CVSS v3.1 Score: 8.5 (High)
- Exploit Status: none
- KEV Status: Not Listed
Affected Systems
- DIRAC (Distributed Infrastructure with Remote Agent Control) framework Workload Management System
-
DIRAC: >= 6, < 8.0.79 (Fixed in:
8.0.79) -
DIRAC: >= 8.1.0a1, < 9.0.22 (Fixed in:
9.0.22) -
DIRAC: >= 9.1.0, < 9.1.10 (Fixed in:
9.1.10)
Mitigation Strategies
- Upgrade DIRAC instances to patched release versions.
- Apply restrictive authorization rules inside ConfigTemplate.cfg to replace the default authenticated permit.
- Implement network monitoring to detect anomalous administrative queries on Port 9171.
Remediation Steps:
- Confirm current DIRAC release versions across deployment nodes.
- For systems running the v8.0 stream, upgrade to version 8.0.79 or newer.
- For systems running the v9.0 stream, upgrade to version 9.0.22 or newer.
- For systems running the v9.1 stream, upgrade to version 9.1.10 or newer.
- If immediate upgrading is not feasible, modify the local configuration registry to set PilotManager -> Authorization -> Default to 'Operator'.
References
- GitHub Advisory Database Record
- GitHub Repository Security Advisory
- PyPI release reference 8.0.79
- PyPI release reference 9.0.22
- PyPI release reference 9.1.10
- Vulnerable Service Handler Source Reference
- Vulnerable Database Layer Source Reference
- Vulnerable Configuration Template Reference
Read the full report for GHSA-7XW9-549R-8JRC on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)