Candidate: CVE-2022-26110
PublicDate: 2022-04-06 02:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110
 https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
 https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
 https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)
Description:
 An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before
 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor
 daemon via the CLAIMTOBE method, the user can then impersonate any entity
 when issuing additional commands to that daemon.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_condor:
upstream_condor: needs-triage
trusty/esm_condor: needs-triage
trusty_condor: ignored (out of standard support)
xenial_condor: ignored (out of standard support)
bionic_condor: needs-triage
focal_condor: needs-triage