CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

Published: Dec 23, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-4133
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
condor_project / condor	6.5.4	6.5.4.x
condor_project / condor	6.8.0	6.8.0.x
condor_project / condor	6.8.1	6.8.1.x
condor_project / condor	6.8.2	6.8.2.x
condor_project / condor	6.8.3	6.8.3.x
condor_project / condor	6.8.4	6.8.4.x
condor_project / condor	6.8.5	6.8.5.x
condor_project / condor	6.8.6	6.8.6.x
condor_project / condor	6.8.7	6.8.7.x
condor_project / condor	6.8.8	6.8.8.x
condor_project / condor	6.8.9	6.8.9.x
condor_project / condor	7.0.0	7.0.0.x
condor_project / condor	7.0.1	7.0.1.x
condor_project / condor	7.0.2	7.0.2.x
condor_project / condor	7.0.3	7.0.3.x
condor_project / condor	7.0.4	7.0.4.x
condor_project / condor	7.0.5	7.0.5.x
condor_project / condor	7.0.6	7.0.6.x
condor_project / condor	7.1.0	7.1.0.x
condor_project / condor	7.1.1	7.1.1.x
condor_project / condor	7.1.2	7.1.2.x
condor_project / condor	7.1.3	7.1.3.x
condor_project / condor	7.1.4	7.1.4.x
condor_project / condor	7.2.0	7.2.0.x
condor_project / condor	7.2.1	7.2.1.x
condor_project / condor	7.2.2	7.2.2.x
condor_project / condor	7.2.3	7.2.3.x
condor_project / condor	7.2.4	7.2.4.x
condor_project / condor	7.3.0	7.3.0.x
condor_project / condor	7.3.1	7.3.1.x
condor_project / condor	7.3.2	7.3.2.x
condor_project / condor	7.4.0	7.4.0.x
redhat / enterprise_mrg	1.2	1.2.x

Vulnerability Database

289,599

CVE-2009-4133