CVE-2022-26110

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/04/2022
Last modified:
03/09/2022

Description

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wisc:htcondor:*:*:*:*:*:*:*:* 8.8.0 (including) 8.8.16 (excluding)
cpe:2.3:a:wisc:htcondor:*:*:*:*:*:*:*:* 9.0.0 (including) 9.0.10 (excluding)
cpe:2.3:a:wisc:htcondor:*:*:*:*:*:*:*:* 9.1.0 (including) 9.6.0 (excluding)
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*