CVE-2008-3424 — Incorrect Authorization in Project Condor

CWE-863 — Incorrect Authorization7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Fedoraproject Fedora

Timeline

PublishedJul 31

Latest updateMay 2

Description

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcondor_project/condor< 7.0.4

Also affects: Fedora 9

🔴Vulnerability Details

GHSA

GHSA-q7rw-ph4p-r6ch: Condor before 7↗2022-05-02

▶

CVEList

CVE-2008-3424: Condor before 7↗2008-07-31

▶

📋Vendor Advisories

Red Hat

condor: incorrect handling of wild cards in authorization lists↗2008-07-23

▶

Debian

CVE-2008-3424: condor - Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_...↗2008

▶

💬Community

Bugzilla

CVE-2009-2953 firefox: CPU consumption via malicious javascript↗2009-08-24

▶

Bugzilla

CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists↗2008-07-31

▶