Wisc: >> Htcondor >> 8.9.3 Security Vulnerabilities
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-04-06
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-01-27
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)
CVSS Score
9.8
EPSS Score
0.028
Published
2020-04-27