CVE-2012-3493 — Sensitive Information Exposure in Project Condor

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

0.8%

top 26.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor

Timeline

PublishedSep 28

Latest updateMay 17

Description

The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debiancondor_project/condor< 7.8.2~dfsg.1-1+deb7u1+1

▶NVDcondor_project/condor14 versions+13

🔴Vulnerability Details

GHSA

GHSA-gqg4-4wpq-c69h: The command_give_request_ad function in condor_startd↗2022-05-17

▶

CVEList

CVE-2012-3493: The command_give_request_ad function in condor_startd↗2012-09-28

▶

OSV

CVE-2012-3493: The command_give_request_ad function in condor_startd↗2012-09-28

▶

📋Vendor Advisories

Red Hat

condor: GIVE_REQUEST_AD leaks privileged ClaimId information↗2012-09-19

▶

Debian

CVE-2012-3493: condor - The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6....↗2012

▶

💬Community

Bugzilla

CVE-2012-3491 CVE-2012-3492 CVE-2012-3493 condor various flaws [fedora-all]↗2012-09-19

▶

Bugzilla

CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information↗2012-08-14

▶