CVE-2021-45102 โ€” Incorrect Authorization in Htcondor

CWE-863 โ€” Incorrect Authorization5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wisc Htcondor
Timeline
PublishedDec 16
Latest updateDec 17

Description

An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

โ–ถNVDwisc/htcondor4 versions+3

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-wwgj-pf6c-p6hc: An issue was discovered in HTCondor 9โ†—2021-12-17
โ–ถ
OSV
CVE-2021-45102: An issue was discovered in HTCondor 9โ†—2021-12-16
โ–ถ
CVEList
CVE-2021-45102: An issue was discovered in HTCondor 9โ†—2021-12-16
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Debian
CVE-2021-45102: condor - An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. W...โ†—2021
โ–ถ
CVE-2021-45102 โ€” Incorrect Authorization in Htcondor | cvebase