HIGH🇵🇱 Wersja polska

CVE-2025-59345

CVSS 7.7v4.0pub. 2025-09-17upd. 2025-10-13

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoint to create hundreds of useless jobs. The Manager is in a denial-of-service state, and stops accepting requests from valid administrators. This vulnerability is fixed in 2.1.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Linuxfoundation Dragonfly

    APP
    Linuxfoundation
    < 2.1.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-27584CRITICAL9.8PL ✓ten sam produkt

Dragonfly: hardkodowany klucz JWT umożliwia pominięcie uwierzytelnienia

CVE-2026-24124HIGH8.9ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 ...

CVE-2025-59353HIGH7.7ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer ...

CVE-2025-59346MEDIUM5.5ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0...

CVE-2025-59348MEDIUM5.5ten sam produkt

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the pro...