Lucene search

Slurm Security Vulnerabilities

cve

CVE-2016-10030

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on th...

8.1CVSS

8.2AI Score

0.004EPSS

2017-01-05 11:59 AM

cve

CVE-2017-15566

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

7.8CVSS

7.8AI Score

0.001EPSS

2017-11-01 05:29 PM

cve

CVE-2018-10995

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

5.3CVSS

5.4AI Score

0.002EPSS

2018-05-30 08:29 PM

cve

CVE-2018-7033

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

9.8CVSS

9.7AI Score

0.002EPSS

2018-03-15 10:29 PM

cve

CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

9.8CVSS

9.5AI Score

0.011EPSS

2019-07-11 01:15 PM

136

cve

CVE-2019-19727

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

5.5CVSS

7.1AI Score

0.0004EPSS

2020-01-13 07:15 PM

122

cve

CVE-2019-19728

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

7.5CVSS

8.4AI Score

0.005EPSS

2020-01-13 07:15 PM

123

cve

CVE-2019-6438

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

9.8CVSS

9.2AI Score

0.006EPSS

2019-01-31 09:29 AM

123

cve

CVE-2020-12693

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

8.1CVSS

7.8AI Score

0.007EPSS

2020-05-21 11:15 PM

148

cve

CVE-2020-27745

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

9.8CVSS

9.3AI Score

0.004EPSS

2020-11-27 05:15 PM

172

cve

CVE-2020-27746

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

3.7CVSS

6.2AI Score

0.001EPSS

2020-11-27 06:15 PM

166

cve

CVE-2021-31215

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

8.8CVSS

8.8AI Score

0.004EPSS

2021-05-13 06:15 AM

186

cve

CVE-2021-43337

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.

6.5CVSS

6.3AI Score

0.001EPSS

2021-11-17 06:15 AM

cve

CVE-2022-29500

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

8.8CVSS

8.4AI Score

0.005EPSS

2022-05-05 05:15 PM

cve

CVE-2022-29501

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.

8.8CVSS

8.7AI Score

0.002EPSS

2022-05-05 05:15 PM

104

cve

CVE-2022-29502

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

9.8CVSS

9.2AI Score

0.007EPSS

2022-05-05 05:15 PM

cve

CVE-2023-41914

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

7CVSS

6.8AI Score

0.0004EPSS

2023-11-03 05:15 AM

cve

CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7...

7.5CVSS

8.2AI Score

0.001EPSS

2023-12-14 05:15 AM

cve

CVE-2023-49934

An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.

9.8CVSS

9.7AI Score

0.001EPSS

2023-12-14 05:15 AM

cve

CVE-2023-49935

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against ...

8.8CVSS

9.1AI Score

0.001EPSS

2023-12-14 05:15 AM

cve

CVE-2023-49936

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

7.5CVSS

8.1AI Score

0.001EPSS

2023-12-14 05:15 AM

cve

CVE-2023-49937

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

9.8CVSS

9.6AI Score

0.001EPSS

2023-12-14 05:15 AM

cve

CVE-2023-49938

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

8.2CVSS

8.7AI Score

0.001EPSS

2023-12-14 05:15 AM