Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Slurm
(Schedmd)| Repositories | https://github.com/SchedMD/slurm |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-13 | CVE-2021-31215 | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | Debian_linux, Fedora, Slurm | 8.8 | ||
| 2021-11-17 | CVE-2021-43337 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access. | Fedora, Slurm | 6.5 | ||
| 2022-05-05 | CVE-2022-29500 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | Debian_linux, Fedora, Slurm | 8.8 | ||
| 2022-05-05 | CVE-2022-29501 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | Debian_linux, Fedora, Slurm | 8.8 | ||
| 2022-05-05 | CVE-2022-29502 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. | Fedora, Slurm | 9.8 | ||
| 2023-11-03 | CVE-2023-41914 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | Fedora, Slurm | 7.0 | ||
| 2023-12-14 | CVE-2023-49933 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | Slurm | 7.5 | ||
| 2023-12-14 | CVE-2023-49934 | An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | Slurm | 9.8 | ||
| 2023-12-14 | CVE-2023-49936 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | Slurm | 7.5 | ||
| 2023-12-14 | CVE-2023-49935 | An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1. | Slurm | 8.8 |