CVE-2016-10030 — Improper Access Control in Slurm

CWE-284 — Improper Access Control8 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.8%

top 26.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schedmd Slurm

Timeline

PublishedJan 5

Latest updateFeb 1

Description

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all S…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDschedmd/slurm15.08.12+8

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

slurm-llnl vulnerabilities↗2023-02-01

▶

OSV

slurm-llnl vulnerabilities↗2022-05-25

▶

GHSA

GHSA-9w2c-9wm9-hvcg: The _prolog_error function in slurmd/req↗2022-05-17

▶

CVEList

CVE-2016-10030: The _prolog_error function in slurmd/req↗2017-01-05

▶

OSV

CVE-2016-10030: The _prolog_error function in slurmd/req↗2017-01-05

▶

📋Vendor Advisories

Ubuntu

Slurm vulnerabilities↗2023-02-01

▶

Ubuntu

Slurm vulnerabilities↗2022-05-25

▶