Zach Miller

Name of the Vulnerable Software and Affected Versions: HTCondor versions prior to 8.9.11 Description: The issue allows Directory Traversal outside the SEC CREDENTIAL DIRECTORY OAUTH directory. This can be demonstrated by creating a file under /etc that will later be executed by root. Recommendations: For versions prior to 8.9.11, update to version 8.9.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the SEC CREDENTIAL DIRECTORY OAUTH directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Condor versions 7.7.3 through 7.7.6 Condor versions 7.8.0 through 7.8.4 Condor version 7.9.0 **Description** The issue is related to the standard universe shadow component in Condor, which does not properly check privileges. This allows remote attackers to gain privileges via a crafted standard universe job. **Recommendations** For Condor versions 7.7.3 through 7.7.6, update to a version outside of this range to resolve the issue. For Condor versions 7.8.0 through 7.8.4, update to version 7.8.5 or later to resolve the issue. For Condor version 7.9.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.