Candidate: CVE-2021-45102
PublicDate: 2021-12-16 05:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45102
 https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
Description:
 An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before
 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user
 may be granted authorizations beyond what the token should allow.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_condor:
upstream_condor: not-affected (debian: Only affects 9.0.0 and above)
trusty/esm_condor: not-affected (Only affects 9.0.0 and above)
trusty_condor: ignored (out of standard support)
xenial_condor: ignored (out of standard support)
bionic_condor: not-affected (Only affects 9.0.0 and above)
focal_condor: not-affected (Only affects 9.0.0 and above)