CVE-2021-25311: Path Traversal in HTCondor

CWE-22 (Path Traversal) | 5 documents | 5 sources
Severity: 9.9 CRITICAL (NVD)
EPSS: 2.8% (top 13.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 27
Latest update: May 24

Description

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages (1 package)

NVD | wisc/htcondor | 8.9.7 | 8.9.11

🔴 Vulnerability Details (3)

GHSA | GHSA-h7mc-jr2r-m38g: condor_credd in HTCondor before 8 | 2022-05-24
CVEList | CVE-2021-25311: condor_credd in HTCondor before 8 | 2021-01-27
OSV | CVE-2021-25311: condor_credd in HTCondor before 8 | 2021-01-27

📋 Vendor Advisories (1)

Debian | CVE-2021-25311: condor - condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SE... | 2021
CVE-2021-25311 — Path Traversal in Wisc Htcondor | cvebase