CVE-2014-8126 — Improper Input Validation in Htcondor

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection10 documents8 sources

Severity

8.8HIGHNVD

EPSS

1.5%

top 19.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Wisc Htcondor Htcondor

Timeline

PublishedJan 31

Latest updateMay 17

Description

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDwisc/htcondor< 8.2.6

▶CVEListV5htcondor/htcondorbefore 8.2.6

▶Debiancondor_project/condor< 8.2.3~dfsg.1-6+1

▶Ubuntucondor_project/condor< 8.0.5~dfsg.1-1ubuntu1+esm1+1

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4cwh-h77q-9rqx: The scheduler in HTCondor before 8↗2022-05-17

▶

OSV

condor vulnerabilities↗2021-03-15

▶

OSV

CVE-2014-8126: The scheduler in HTCondor before 8↗2020-01-31

▶

CVEList

CVE-2014-8126: The scheduler in HTCondor before 8↗2020-01-31

▶

📋Vendor Advisories

Ubuntu

HTCondor vulnerabilities↗2021-03-15

▶

Red Hat

condor: mailx invocation enables code execution as condor user↗2015-01-12

▶

Debian

CVE-2014-8126: condor - The scheduler in HTCondor before 8.2.6 allows remote authenticated users to exec...↗2014

▶

💬Community

Bugzilla

CVE-2014-8126 condor: mailx invocation enables code execution as condor user [fedora-all]↗2015-01-12

▶

Bugzilla

CVE-2014-8126 condor: mailx invocation enables code execution as condor user↗2014-12-02

▶