CVE-2021-25312Missing Authentication for Critical Function in Htcondor

CWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 35.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wisc Htcondor
Timeline
PublishedJan 27
Latest updateMay 24

Description

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDwisc/htcondor8.9.28.9.11

🔴Vulnerability Details

3
GHSA
GHSA-7qrc-8ggr-g3p9: HTCondor before 82022-05-24
CVEList
CVE-2021-25312: HTCondor before 82021-01-27
OSV
CVE-2021-25312: HTCondor before 82021-01-27

📋Vendor Advisories

1
Debian
CVE-2021-25312: condor - HTCondor before 8.9.11 allows a user to submit a job as another user on the syst...2021
CVE-2021-25312 — Wisc Htcondor vulnerability | cvebase