QwikSec

Security Database

CVE

CWE

Training

CVE-2019-18823

Published: Apr 27, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://research.cs.wisc.edu/htcondor/new.html

x_refsource_MISC

https://research.cs.wisc.edu/htcondor/

x_refsource_MISC

https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html

x_refsource_CONFIRM

https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html

x_refsource_MISC

https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html

x_refsource_MISC

https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html

x_refsource_MISC

FEDORA-2020-ae934f6790

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-f9a598f815

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-fb5af97476

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20210801 [SECURITY] [DLA 2724-1] condor security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.