Schedmd: >> Slurm >> 21.08.2 Security Vulnerabilities
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-10-28
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
CVSS Score
8.8
EPSS Score
0.012
Published
2022-05-05
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
CVSS Score
8.8
EPSS Score
0.015
Published
2022-05-05
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-05-05
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-11-17