UBUNTU-CVE-2021-31215

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling...

The vulnerability of the Slurm resource manager, related to improper handling of the SPANK environment variable, allows a perpetrator to escalate their privileges.

The vulnerability of the Slurm resource manager is related to incorrect processing of the SPANK environment variable. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level when executing Prolog or Epilog scripts...