CVE-2019-18823
PUBLISHED
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd (for example, to submit or remove jobs).
Risk Scores
EPSS Score
2.82%
86.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | condor | 8.0.5~dfsg.1-1ubuntu1+esm1, *, * |
| Ubuntu:18.04:LTS | condor | 8.6.8~dfsg.1-2, *, 0 |
| Ubuntu:24.04:LTS | condor | 23.2.0+dfsg-1, 23.2.0+dfsg-2, 23.4.0+dfsg-1ubuntu2 |
| Ubuntu:Pro:16.04:LTS | condor | 8.4.2~dfsg.1-1, 8.4.2~dfsg.1-1build1, * |
| Ubuntu:20.04:LTS | condor | 0, 8.6.8~dfsg.1-2ubuntu1, * |
| Ubuntu:25.10 | condor | 0, 23.6.2+dfsg-2build1, 23.9.6+dfsg-2build1 |
Exploit Intelligence
- https://research.cs.wisc.edu/htcondor/new.html (circl)
- https://research.cs.wisc.edu/htcondor/ (circl)
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html (circl)
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html (circl)
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html (circl)
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html (circl)
- FEDORA-2020-ae934f6790 (circl)
- FEDORA-2020-f9a598f815 (circl)
- FEDORA-2020-fb5af97476 (circl)
- [debian-lts-announce] 20210801 [SECURITY] [DLA 2724-1] condor security update (circl)
…and 1 more exploits
Timeline
- Apr 27, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-18823 third-party-advisory
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html third-party-advisory
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html third-party-advisory
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html third-party-advisory
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html third-party-advisory
- https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14 third-party-advisory
- https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129 third-party-advisory
- https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d third-party-advisory
- https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716 third-party-advisory
- https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-18823 third-party-advisory