CVE-2014-8126

Опубликовано: 12 янв. 2015

Источник: redhat

CVSS2: 8.5

EPSS Низкий

Описание

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-78

https://bugzilla.redhat.com/show_bug.cgi?id=1169800condor: mailx invocation enables code execution as condor user

EPSS

Процентиль: 80%

0.01451

Низкий

8.5 High

CVSS2

Связанные уязвимости

CVE-2014-8126

CVSS3: 8.8

ubuntu

около 6 лет назад

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

CVE-2014-8126

CVSS3: 8.8

nvd

около 6 лет назад

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

CVE-2014-8126

CVSS3: 8.8

debian

около 6 лет назад

The scheduler in HTCondor before 8.2.6 allows remote authenticated use ...

GHSA-4cwh-h77q-9rqx

github

больше 3 лет назад

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code.

EPSS

Процентиль: 80%

0.01451

Низкий

8.5 High

CVSS2