Upstream information
Description
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CNA (CISA-ADP) | |
---|---|
Base Score | 5 |
Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | Low |
Availability Impact | Low |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2024:14450-1, published Sat Nov 2 18:49:02 2024
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-14450 |
SUSE Timeline for this CVE
CVE page created: Mon Oct 28 06:00:04 2024CVE page last modified: Sat Nov 2 19:56:21 2024