Source: condor Version: 8.6.8~dfsg.1-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for condor. CVE-2021-45101[0]: | An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, | and 9.1.x before 9.1.2. Using standard command-line tools, a user with | only READ access to an HTCondor SchedD or Collector daemon can | discover secrets that could allow them to control other users' jobs | and/or read their data. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-45101 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45101 [1] https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ [2] https://github.com/htcondor/htcondor/8b311dee6dee6be518e65381e020fb74848b552b Please adjust the affected versions in the BTS as needed. Regards, Salvatore