CVE-2021-45101: 
HTCondor vulnerability analysis and mitigation

A security vulnerability identified as CVE-2021-45101 was discovered in HTCondor before versions 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. The vulnerability allows users with only READ access to an HTCondor SchedD or Collector daemon to discover secrets that could enable them to control other users' jobs and/or read their data (Debian Tracker).

The vulnerability affects the SchedD and Collector components across all platforms. It requires READ-level authorization to HTCondor daemons, which in many pools does not require authentication for READ-level commands. This means an attacker could potentially execute commands remotely from an untrusted network, unless prevented by firewalls or other network-level access controls. The exploitation requires medium-level effort, with attackers needing to write custom tools and be very familiar with the HTCondor wire protocols (HTCondor Advisory).

The vulnerability has high-impact consequences. A successful exploit allows an attacker to control running jobs submitted by other users, potentially enabling them to read job data and inject their own executables that would run under the compromised user's context (HTCondor Advisory).

No workaround is available for this vulnerability. The issue has been fixed in HTCondor versions 8.8.15, 9.0.4, and 9.1.2. Users are advised to upgrade to these or later versions to protect against this security risk (HTCondor Advisory).