Page 2 of 7 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-25312

https://notcve.org/view.php?id=CVE-2021-25312

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. HTCondor versiones anteriores a 8.9.11, permite a un usuario enviar un trabajo como otro usuario en el sistema, debido a un fallo en el método de autenticación IDTOKENS • https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-18823

https://notcve.org/view.php?id=CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) HTCondor versiones hasta e incluyendo una serie estable 8.8.6 y la serie de desarrollo 8.9.4, tiene un Control de Acceso Incorrecto. Es posible usar un método de autenticación diferente para enviar un trabajo que el administrador ha especificado. • https://lists.debian.org/debian-lts-announce/2021/08/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EOTJJOSMYKXIYXWSG3H4KN332EDSEB6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5YCZXYS67MLJSHR4OLSWVHBE6PZJSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMPZ7XPOPA4JGAQAUJ4K7JV653DSCIDK https://research.cs.wisc.edu/htcondor https://research.cs.wisc.edu/htcondor/new.html https:/ • CWE-287: Improper Authentication •