Using standard command-line tools, a user with only READ access to a SchedD or Collector can discover secrets that could allow them to control other users jobs and/or read their data.

Component Vulnerable Versions Platform Availability Fix Available
SchedD, Collector All Versions All Platforms Not known to be publicly exploited 8.8.15, 9.0.4, 9.1.2
Status Access Required Host Type Required Effort Required Impact/Consequences
Verified READ access to HTCondor daemons Any Medium High
Fixed Date Credit
2021-07-27 Jaime Frey

Access Required:

READ access to HTCondor daemons

An attacker need only have READ-level authorization to a vulnerable daemon. This means they are able to run tools like condor_q or condor_status. Many pools do not require authentication for READ-level commands so it is likely that an attacker could execute this command remotely from an untrusted network, unless otherwise prevented by a firewall or other network-level access controls.

Effort Required:


An attacker would need to write custom tools and be very familiar with the HTCondor wire protocols to carry out a succesful attack.



This attack allows a user to control a running job submitted by another user. This could let them read that job's data and/or inject their own executables into that job that would then run as that user.


There is no workaround for this issue.

Full Details:

Embargoed until future notice.