PT-2020-9988 · Htcondor · Htcondor
Tj Knoeller · Published 2020-04-27 · Updated 2022-10-06 · CVE-2019-18823
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
HTCondor versions 8.8.6 and earlier
HTCondor versions 8.9.4 and earlier
Description:
The issue is an Incorrect Access Control flaw that allows a job to be submitted using a different authentication method than the one the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, it is possible to impersonate another user to the condor_schedd, potentially allowing actions such as submitting or removing jobs.
Recommendations:
For HTCondor versions 8.8.6 and earlier, update to a version that includes the fix for this issue.
For HTCondor versions 8.9.4 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of CLAIMTOBE in the READ and WRITE methods to prevent impersonation.
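To apply the workaround, it helps to know which access levels currently allow CLAIMTOBE. The following audit is an added example, not code from this advisory or from the HTCondor project. It assumes the configuration knobs `SEC_READ_AUTHENTICATION_METHODS`, `SEC_WRITE_AUTHENTICATION_METHODS` and `SEC_DEFAULT_AUTHENTICATION_METHODS` (with DEFAULT used as the fallback when a level-specific knob is unset), runs on constructed sample text, and does not expand `$(MACRO)` references or conditionals.

```python
import re

# Access levels named in the advisory. DEFAULT is treated as the fallback
# when a level-specific knob is unset (assumption stated in the lead-in).
LEVELS = ("READ", "WRITE")

def parse_config(text):
    """Return {KNOB: value}; later assignments override earlier ones."""
    knobs = {}
    # Join backslash line continuations before splitting into lines.
    joined = re.sub(r"\\\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        knobs[name.strip().upper()] = value.strip()  # knob names are case-insensitive
    return knobs

def claimtobe_levels(text):
    """Return the access levels whose effective method list allows CLAIMTOBE."""
    knobs = parse_config(text)
    default = knobs.get("SEC_DEFAULT_AUTHENTICATION_METHODS", "")
    flagged = []
    for level in LEVELS:
        value = knobs.get(f"SEC_{level}_AUTHENTICATION_METHODS", default)
        methods = {m.upper() for m in re.split(r"[,\s]+", value) if m}
        if "CLAIMTOBE" in methods:
            flagged.append(level)
    return flagged

# Constructed sample configurations (not taken from any real pool).
WEAK = """\
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, KERBEROS
SEC_READ_AUTHENTICATION_METHODS = FS, \\
    CLAIMTOBE
sec_write_authentication_methods = claimtobe
"""
RESTRICTED = """\
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, CLAIMTOBE
SEC_READ_AUTHENTICATION_METHODS = FS, KERBEROS
SEC_WRITE_AUTHENTICATION_METHODS = FS
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("restricted", RESTRICTED)):
        print(label, claimtobe_levels(cfg))
```

On a live host, the effective value after macro expansion can be read with `condor_config_val SEC_READ_AUTHENTICATION_METHODS` (and likewise for WRITE) and checked the same way.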
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Htcondor