4 matches found
CVE-2020-36770
pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...
GLSA-202409-16 : Slurm: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-16 Slurm: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from...
CVE-2020-36770
pkgpostinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files...
CVE-2020-36770
Affected software: Slurm ( Gentoo ebuild ). Issue: the pkg_postinst script for Slurm up to version 22.05.3 runs chown to assign root ownership on files in the live root filesystem. Root-owned files could be taken over by the slurm user, per the description in CVE-2020-36770. Root cause: unnecessa...