CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
EPSS
Percentile: 30.5%
libslurm.so is vulnerable to authentication bypass. The vulnerability is due to a message integrity bypass in slurm_protocol_api.c. An attacker can reuse root-level authentication tokens to perform unauthorized actions.
bugzilla.suse.com/show_bug.cgi?id=1218049
github.com/SchedMD/slurm/commit/cd89dc6f44e55acaf1f71d8b03b0b7e45978a36d
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
www.schedmd.com/security-archive.php