HIGH🇬🇧 English

CVE-2025-59345

CVSS 7.7v4.0pub. 2025-09-17upd. 2025-10-13

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoint to create hundreds of useless jobs. The Manager is in a denial-of-service state, and stops accepting requests from valid administrators. This vulnerability is fixed in 2.1.0.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Linuxfoundation Dragonfly

    APP
    Linuxfoundation
    < 2.1.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-27584CRITICAL9.8PL ✓ten sam produkt

Dragonfly: hardkodowany klucz JWT umożliwia pominięcie uwierzytelnienia

CVE-2026-24124HIGH8.9ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 ...

CVE-2025-59353HIGH7.7ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer ...

CVE-2025-59346MEDIUM5.5ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0...

CVE-2025-59348MEDIUM5.5ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the pro...