HTCondor Security Vulnerabilities

Two vulnerabilities in HTCondor have been found. One of them may allow users to run code as another user or read the data accessible to that user's running jobs, which is considered a HIGH risk for EGI infrastructure. Versions 8.8.15, 9.0.4 and 9.1.2 contain fixes for...

EGI-CSIRT team virtual F2F meeting in July

From the 6th to the 9th of July, an EGI CSIRT virtual F2F meeting took place. The focus of the meeting was on future EGI CSIRT activities, such as security monitoring, vulnerability and incident handling, training, and security policymaking. The team will prepare a new...

CVE-2021-25217: dhcpd and dhclient vulnerability

A DHCP vulnerability (CVE-2021-25217) has been announced, rated 8.8 CVSS v3 Base Score by Red Hat. Due to a discrepancy between the code that handles encapsulated option information in leases transmitted and the code which reads lease information after it has been written...

Apache Struts vulnerability affecting VOMS-Admin

A serious vulnerability has been found in Apache Struts, on which VOMS-Admin depends. Exploitation of this vulnerability could lead to remote code execution. Apache Struts version 2.5.26 fixes this issue. Sites running VOMS-Admin should upgrade to voms-admin-server...

Vulnerability in Singularity 3.7.2 and 3.7.3

A security vulnerability in Singularity versions 3.7.2 and 3.7.3 has been publicly announced that enables an attacker to publish a malicious container that takes priority over the container that a user is expecting to run. Due to incorrect use of a default URL, singularity...
