Wisc: >> Htcondor >> 8.9.9 Security Vulnerabilities
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-04-06
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-04-06
condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
CVSS Score
9.9
EPSS Score
0.028
Published
2021-01-27
HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-01-27