CVE-2021-45102
HIGHHTCondor 9.0.x-9.0.4 and 9.1.x-9.1.2 - Incorrect Authorization via SciToken Authentication
Title source: llmDescription
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
Scores
CVSS v3
8.8
EPSS
0.0090
EPSS Percentile
55.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (4)
wisc/htcondor
9.0.0
wisc/htcondor
9.0.1
wisc/htcondor
9.0.2
wisc/htcondor
9.1.0
Published
Dec 16, 2021
Tracked Since
Feb 18, 2026