Brian Bockleman

Name of the Vulnerable Software and Affected Versions: HTCondor versions prior to 8.9.11 Description: The issue allows a user to submit a job as another user on the system due to a flaw in the `IDTOKENS` authentication method. Recommendations: For versions prior to 8.9.11, update to version 8.9.11 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: HTCondor versions 8.6.x through 8.6.7 HTCondor versions 8.7.x through 8.7.4 Description: The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This is achieved by leveraging the use of GSI and VOMS extensions in the condor schedd component. Recommendations: For HTCondor versions 8.6.x through 8.6.7, update to version 8.6.8 or later. For HTCondor versions 8.7.x through 8.7.4, update to version 8.7.5 or later.