CyberSec.Space Logo
Back to CVE Browser

CVE-2021-45102

HIGH
8.8
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile35.53th
PublishedDec 16, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.

Affected Platforms (CPE)

πŸ“¦
Wisc

Htcondor

= 9.0.0
πŸ“¦
Wisc

Htcondor

= 9.0.1
πŸ“¦
Wisc

Htcondor

= 9.0.2
πŸ“¦
Wisc

Htcondor

= 9.1.0

References & Advisories

πŸ”— https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
πŸ”— https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/

Related Vulnerabilities

CVE-2021-253119.9

condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonst...

CVE-2019-188239.8

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use ...

CVE-2014-81268.8

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

CVE-2021-253128.8

HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authenticati...

CVE-2021-45102 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space