CVE-2018-10995 β€” Improper Input Validation in Slurm

CWE-20 β€” Improper Input Validation10 documents6 sources
Severity
5.3MEDIUMNVD
OSV8.1
EPSS
0.8%
top 26.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schedmd SlurmDebian Linux
Timeline
PublishedMay 30
Latest updateFeb 1

Description

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

β–ΆNVDschedmd/slurm17.02.10.1+10

Also affects: Debian Linux 8.0, 9.0

πŸ”΄Vulnerability Details

5
OSV
slurm-llnl vulnerabilities↗2023-02-01
β–Ά
OSV
slurm-llnl vulnerabilities↗2022-05-25
β–Ά
GHSA
GHSA-mpcp-f66m-rf47: SchedMD Slurm before 17β†—2022-05-13
β–Ά
CVEList
CVE-2018-10995: SchedMD Slurm before 17β†—2018-05-30
β–Ά
OSV
CVE-2018-10995: SchedMD Slurm before 17β†—2018-05-30
β–Ά

πŸ“‹Vendor Advisories

2
Ubuntu
Slurm vulnerabilities↗2023-02-01
β–Ά
Ubuntu
Slurm vulnerabilities↗2022-05-25
β–Ά

πŸ’¬Community

2
Bugzilla
CVE-2018-10995 slurm: Insecure handling of username and gid fields↗2018-06-01
β–Ά
Bugzilla
CVE-2018-10995 slurm: Insecure handling of username and gid fields [fedora-all]β†—2018-06-01
β–Ά
CVE-2018-10995 β€” Improper Input Validation in Slurm | cvebase