PT-2022-17680 · Htcondor · Htcondor

Jaime Frey

Published

2022-04-06

Updated

2022-09-03

CVE-2022-26110

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HTCondor versions 8.8.x through 8.8.15 HTCondor versions 9.0.x through 9.0.9 HTCondor versions 9.1.x through 9.5.x

Description An issue was discovered in HTCondor. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.

Recommendations For HTCondor versions 8.8.x through 8.8.15, update to version 8.8.16 or later. For HTCondor versions 9.0.x through 9.0.9, update to version 9.0.10 or later. For HTCondor versions 9.1.x through 9.5.x, update to version 9.6.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-26110

DLA-2984-1

DSA-5144-1

OPENSUSE-SU-2024:11976-1

Affected Products

Htcondor

PT-2022-17680 · Htcondor · Htcondor

CVE-2022-26110

Related Identifiers

Affected Products

References · 17