Jaime Frey

**Name of the Vulnerable Software and Affected Versions** HTCondor versions 9.0.x through 9.0.9 HTCondor versions 9.1.x through 9.4.x **Description** An issue was discovered that allows an attacker who can capture HTCondor network data to interfere with users' jobs and data. **Recommendations** For HTCondor versions 9.0.x through 9.0.9, update to version 9.0.10 or later. For HTCondor versions 9.1.x through 9.4.x, update to version 9.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** HTCondor versions 8.8.x through 8.8.15 HTCondor versions 9.0.x through 9.0.9 HTCondor versions 9.1.x through 9.5.x **Description** An issue was discovered in HTCondor. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. **Recommendations** For HTCondor versions 8.8.x through 8.8.15, update to version 8.8.16 or later. For HTCondor versions 9.0.x through 9.0.9, update to version 9.0.10 or later. For HTCondor versions 9.1.x through 9.5.x, update to version 9.6.0 or later.

Name of the Vulnerable Software and Affected Versions: HTCondor versions prior to 8.8.15 HTCondor versions 9.0.x prior to 9.0.4 HTCondor versions 9.1.x prior to 9.1.2 Description: An issue was discovered in HTCondor that allows a user with only READ access to an HTCondor SchedD or Collector daemon to discover secrets. These secrets could allow them to control other users' jobs and/or read their data using standard command-line tools. Recommendations: For HTCondor versions prior to 8.8.15, update to version 8.8.15 or later. For HTCondor versions 9.0.x prior to 9.0.4, update to version 9.0.4 or later. For HTCondor versions 9.1.x prior to 9.1.2, update to version 9.1.2 or later.

Name of the Vulnerable Software and Affected Versions: HTCondor versions 8.6.x through 8.6.7 HTCondor versions 8.7.x through 8.7.4 Description: The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This is achieved by leveraging the use of GSI and VOMS extensions in the condor schedd component. Recommendations: For HTCondor versions 8.6.x through 8.6.7, update to version 8.6.8 or later. For HTCondor versions 8.7.x through 8.7.4, update to version 8.7.5 or later.