PT-2021-24208 · Htcondor · Htcondor

Jeny Teheran

Published

2021-12-16

Updated

2021-12-22

CVE-2021-45102

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: HTCondor versions 9.0.x through 9.0.3 HTCondor versions 9.1.x through 9.1.1

Description: An issue was discovered in HTCondor when authenticating to an HTCondor daemon using a SciToken. A user may be granted authorizations beyond what the token should allow.

Recommendations: For HTCondor versions 9.0.x through 9.0.3, update to version 9.0.4 or later. For HTCondor versions 9.1.x through 9.1.1, update to version 9.1.2 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-45102

Affected Products

Htcondor

PT-2021-24208 · Htcondor · Htcondor

CVE-2021-45102

Weakness Enumeration

Related Identifiers

Affected Products

References · 7