CVE-2022-26110
First published: Tue Mar 29 2022(Updated: )
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/condor | <=8.6.8~dfsg.1-2 | 8.6.8~dfsg.1-2+deb10u1 |
| HTCondor | >=8.8.0<8.8.16 | |
| HTCondor | >=9.0.0<9.0.10 | |
| HTCondor | >=9.1.0<9.6.0 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2022-26110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26110
- https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008634
- https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca
- https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b
- https://lists.debian.org/debian-lts-announce/2022/04/msg00016.html
- https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2022-0003/
- https://www.debian.org/security/2022/dsa-5144
Frequently Asked Questions
What is the severity of CVE-2022-26110?
CVE-2022-26110 is classified as a high-severity vulnerability due to the potential for user impersonation and unauthorized command execution.
How do I fix CVE-2022-26110?
To remediate CVE-2022-26110, users should upgrade HTCondor to version 8.8.16 or later, 9.0.10 or later, or 9.6.0 or later.
What software is affected by CVE-2022-26110?
CVE-2022-26110 affects HTCondor versions prior to 8.8.16, prior to 9.0.10, and prior to 9.6.0.
What are the implications of CVE-2022-26110?
The implications of CVE-2022-26110 include the ability for authenticated users to impersonate any entity, potentially leading to unauthorized access and control.
Is CVE-2022-26110 specific to certain operating systems?
CVE-2022-26110 is not limited to specific operating systems but affects installations of HTCondor across multiple systems including Debian.
- collector/debian-bugs
- alias/CVE-2022-26110
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/wisc
- canonical/htcondor
- version/htcondor/8.8.0
- version/htcondor/9.0.0
- version/htcondor/9.1.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0