Total vulnerabilities in the database
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId.
| Software | From | Fixed in |
|---|---|---|
| condor_project / condor | 7.6.1 | 7.6.1.x |
| condor_project / condor | 7.6.3 | 7.6.3.x |
| condor_project / condor | 7.6.9 | 7.6.9.x |
| condor_project / condor | 7.6.0 | 7.6.0.x |
| condor_project / condor | 7.6.5 | 7.6.5.x |
| condor_project / condor | 7.6.6 | 7.6.6.x |
| condor_project / condor | 7.8.3 | 7.8.3.x |
| condor_project / condor | 7.8.1 | 7.8.1.x |
| condor_project / condor | 7.6.4 | 7.6.4.x |
| condor_project / condor | 7.8.0 | 7.8.0.x |
| condor_project / condor | 7.6.7 | 7.6.7.x |
| condor_project / condor | 7.6.2 | 7.6.2.x |
| condor_project / condor | 7.6.8 | 7.6.8.x |
| condor_project / condor | 7.8.2 | 7.8.2.x |