Vulnerability in Condor_project Condor
CVE-2012-3491
src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors.
EPSS: 0.011 (78.6th percentile) — read the EPSS interpretation.
Affected products
- Condor_project Condor — versions 7.6.0, 7.6.1, 7.6.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- 55632 (vdb-entry, x_refsource_BID)
- RHSA-2012:1278 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2012:1281 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 50666 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- [oss-security] 20120920 Notification of upstream Condor security fixes (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)