CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
80.1%
The command_give_request_ad function in condor_startd.V6/command.cpp Condor
7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to
obtain sensitive information, and possibly control or start arbitrary jobs,
via a ClassAd request to the condor_startd port, which leaks the ClaimId.