Wisc Htcondor vulnerabilities

13 known vulnerabilities affecting wisc/htcondor.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-66433MEDIUMCVSS 4.2≥ 24.7.3, < 24.12.14≥ 25.0.0, < 25.0.3+1 more2025-11-30
CVE-2025-66433 [MEDIUM] CWE-863 CVE-2025-66433: HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the l HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3.
cvelistv5nvd
CVE-2025-30093HIGHCVSS 8.1≥ 23.0.0, < 23.0.22≥ 23.10.1, < 23.10.22+1 more2025-03-27
CVE-2025-30093 [HIGH] CWE-863 CVE-2025-30093: HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24. HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.
nvd
CVE-2021-45104HIGHCVSS 7.4≥ 8.9.3, < 9.0.10≥ 9.1.0, < 9.6.02022-04-06
CVE-2021-45104 [HIGH] CWE-319 CVE-2021-45104: An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
nvd
CVE-2022-26110HIGHCVSS 8.8≥ 8.8.0, < 8.8.16≥ 9.0.0, < 9.0.10+1 more2022-04-06
CVE-2022-26110 [HIGH] CVE-2022-26110: An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0 An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
nvd
CVE-2021-45103HIGHCVSS 8.1≥ 8.9.4, < 9.0.10≥ 9.1.0, < 9.6.02022-04-06
CVE-2021-45103 [HIGH] CWE-532 CVE-2021-45103: An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can acce An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.
nvd
CVE-2021-45101HIGHCVSS 8.1≤ 8.8.13≥ 9.0.0, ≤ 9.0.2+1 more2021-12-16
CVE-2021-45101 [HIGH] CVE-2021-45101: An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.
nvd
CVE-2021-45102HIGHCVSS 8.8v9.0.0v9.0.1+2 more2021-12-16
CVE-2021-45102 [HIGH] CWE-863 CVE-2021-45102: An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating t An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.
nvd
CVE-2021-25311CRITICALCVSS 9.9≥ 8.9.7, < 8.9.112021-01-27
CVE-2021-25311 [CRITICAL] CWE-22 CVE-2021-25311: condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTO condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root.
nvd
CVE-2021-25312HIGHCVSS 8.8≥ 8.9.2, < 8.9.112021-01-27
CVE-2021-25312 [HIGH] CWE-306 CVE-2021-25312: HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a fla HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method.
nvd
CVE-2019-18823CRITICALCVSS 9.8≥ 8.8.0, ≤ 8.8.6≥ 8.9.0, ≤ 8.9.42020-04-27
CVE-2019-18823 [CRITICAL] CWE-287 CVE-2019-18823: HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access C HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user
nvd
CVE-2014-8126HIGHCVSS 8.8fixed in 8.2.62020-01-31
CVE-2014-8126 [HIGH] CWE-20 CVE-2014-8126: The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.
nvd
CVE-2012-3490HIGHCVSS 8.8≥ 7.6.0, < 7.6.10≥ 7.8.0, < 7.8.42020-01-09
CVE-2012-3490 [HIGH] CVE-2012-3490: The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) syst The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to g
nvd
CVE-2017-16816MEDIUMCVSS 6.5fixed in 8.6.8≥ 8.7.0, < 8.7.52018-07-05
CVE-2017-16816 [MEDIUM] CWE-20 CVE-2017-16816: The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authentica The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.
nvd