CVE-2021-45101 — Resource Exposure in Htcondor

CWE-668 — Resource Exposure5 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 41.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor Wisc Htcondor

Timeline

PublishedDec 16

Latest updateDec 17

Description

An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDwisc/htcondor9.0.0 — 9.0.2+2

▶Debiancondor_project/condor< 23.2.0+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-4vrw-qvg8-27qc: An issue was discovered in HTCondor before 8↗2021-12-17

▶

CVEList

CVE-2021-45101: An issue was discovered in HTCondor before 8↗2021-12-16

▶

OSV

CVE-2021-45101: An issue was discovered in HTCondor before 8↗2021-12-16

▶

📋Vendor Advisories

Debian

CVE-2021-45101: condor - An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x...↗2021

▶