8.8
CVE-2022-26110
- EPSS 1.4%
- Veröffentlicht 06.04.2022 02:15:08
- Zuletzt bearbeitet 21.11.2024 06:53:26
- CVE-Watchlists
- Unerledigt
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.4% | 0.693 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
https://www.debian.org/security/2022/dsa-5144
https://lists.debian.org/debian-lts-announce/2022/04/msg00016.html
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2022-0003/