CVE-2012-3491 — Project Condor vulnerability

CWE-2648 documents7 sources
Severity
4.0MEDIUMNVD
EPSS
1.1%
top 21.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Condor Project Condor
Timeline
PublishedSep 28
Latest updateMay 17

Description

src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

â–¶Debiancondor_project/condor< 7.8.2~dfsg.1-1+deb7u1+1
â–¶NVDcondor_project/condor14 versions+13

🔴Vulnerability Details

3
GHSA
GHSA-3h4f-jgvh-wjvm: src/condor_schedd↗2022-05-17
â–¶
OSV
CVE-2012-3491: src/condor_schedd↗2012-09-28
â–¶
CVEList
CVE-2012-3491: src/condor_schedd↗2012-09-28
â–¶

📋Vendor Advisories

2
Red Hat
condor: local users can abort any idle jobs↗2012-09-19
â–¶
Debian
CVE-2012-3491: condor - src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7...↗2012
â–¶

💬Community

2
Bugzilla
CVE-2012-3491 CVE-2012-3492 CVE-2012-3493 condor various flaws [fedora-all]↗2012-09-19
â–¶
Bugzilla
CVE-2012-3491 condor: local users can abort any idle jobs↗2012-08-14
â–¶
CVE-2012-3491 — Condor Project Condor vulnerability | cvebase