
[HTCondor-users] Python Flask vulnerability impact on HTCSS



Recently, an information disclosure vulnerability was announced that
affects the Flask Python package. The vulnerability is fixed in Flask
versions 2.2.5 and 2.3.2.
Red Hat has released a security advisory recommending that users of RHEL7
upgrade the python-flask package.

The optional HTCondor package condor-oauth-credmon relies on Flask and may
be affected by this vulnerability, though only non-sensitive information
is subject to disclosure in this case.

We recommend that anyone using Flask upgrade to a non-vulnerable version.
    
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30861
https://access.redhat.com/errata/RHSA-2023:3525
https://access.redhat.com/security/cve/CVE-2023-30861


 - Jaime
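
Added example (not part of the original message and not HTCondor code): a small check that classifies an upstream Flask version against the two fixed releases named above, 2.2.5 and 2.3.2. It assumes every release older than the fix on its branch is affected; the function names are illustrative.

```python
import re
from importlib import metadata

# Fixed releases named in the advisory above.
FIXED_2_2 = (2, 2, 5)
FIXED_2_3 = (2, 3, 2)


def release_tuple(version):
    """Return the leading numeric release as a 3-tuple (suffixes like rc1 are ignored)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def flask_status(version):
    """Classify an upstream Flask version against the fixed releases."""
    rel = release_tuple(version)
    if rel >= FIXED_2_3:
        return "fixed"
    if rel[:2] == (2, 3):
        # 2.3.0 and 2.3.1 sit above 2.2.5 numerically but predate the 2.3 fix.
        return "upgrade to 2.3.2 or later"
    if rel >= FIXED_2_2:
        return "fixed"
    return "upgrade to 2.2.5 or later"


def installed_flask_status():
    """Check the Flask visible to the interpreter running this script."""
    try:
        version = metadata.version("flask")
    except metadata.PackageNotFoundError:
        return None, "not installed"
    return version, flask_status(version)


if __name__ == "__main__":
    # Assumption: this is run with the same Python environment that
    # condor-oauth-credmon uses on the host being checked.
    print(*installed_flask_status())
```

Distribution packages can carry backported fixes without changing the upstream version number, so for a distro-packaged Flask, compare the package release against the vendor advisory rather than relying on this result.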