vulnerability

Debian: CVE-2019-18823: condor -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 27, 2020	Aug 3, 2021	May 26, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 27, 2020

Added

Aug 3, 2021

Modified

May 26, 2022

Description

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)

Solution

debian-upgrade-condor

References

CVE-2019-18823
https://attackerkb.com/topics/CVE-2019-18823
DEBIAN-DLA-2724-1
DEBIAN-DSA-5144

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today