An issue exists in HTCondor 8.8.x prior to 8.8.16, 9.0.x prior to 9.0.10, and 9.1.x prior to 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wisc htcondor |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |