NotCVE - vendor:"Wisc" product:"Htcondor" version:" >= 8.9.4

Page 2 of 8 results (0.004 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-25311

https://notcve.org/view.php?id=CVE-2021-25311

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. La función condor_credd en HTCondor versiones anteriores a 8.9.11, permite el Salto de Directorio fuera del directorio SEC_CREDENTIAL_DIRECTORY_OAUTH, como es demostrado mediante la creación de un archivo bajo /etc que luego será ejecutado por root • https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-25312

https://notcve.org/view.php?id=CVE-2021-25312

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. HTCondor versiones anteriores a 8.9.11, permite a un usuario enviar un trabajo como otro usuario en el sistema, debido a un fallo en el método de autenticación IDTOKENS • https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-18823

https://notcve.org/view.php?id=CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) HTCondor versiones hasta e incluyendo una serie estable 8.8.6 y la serie de desarrollo 8.9.4, tiene un Control de Acceso Incorrecto. Es posible usar un método de autenticación diferente para enviar un trabajo que el administrador ha especificado. • https://lists.debian.org/debian-lts-announce/2021/08/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EOTJJOSMYKXIYXWSG3H4KN332EDSEB6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5YCZXYS67MLJSHR4OLSWVHBE6PZJSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMPZ7XPOPA4JGAQAUJ4K7JV653DSCIDK https://research.cs.wisc.edu/htcondor https://research.cs.wisc.edu/htcondor/new.html https:/ • CWE-287: Improper Authentication •

1 2