CVE-2026-25138

Medium CVSS: 5.3

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue.

Vendor

Cern

Product

Rucio

CWE

CWE-204

Yayın Tarihi

2026-02-25 20:23:47

Güncelleme

2026-02-27 17:35:41

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-204 Rucio MEDIUM Cern 2026

Referanslar

https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages https://github.com/rucio/rucio/releases/tag/35.8.3 https://github.com/rucio/rucio/releases/tag/38.5.4 https://github.com/rucio/rucio/releases/tag/39.3.1 https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9 https://github.com/rucio/rucio/security/advisories/GHSA-38wq-6q2w-hcf9

Benzer Kayıtlar

High

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-25735

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

Medium

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

High

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

High

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…