CVE-2020-27746Race Condition in Slurm

CWE-362Race ConditionCWE-922Insecure Storage of Sensitive Information9 documents6 sources
Severity
3.7LOWNVD
OSV8.1
EPSS
0.4%
top 38.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schedmd SlurmDebian Linux
Timeline
PublishedNov 27
Latest updateFeb 1

Description

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

NVDschedmd/slurm20.0.020.02.6+1

Also affects: Debian Linux 10.0

Patches

Patch: www.schedmd.comPatch: www.schedmd.com

🔴Vulnerability Details

5
OSV
slurm-llnl vulnerabilities2023-02-01
OSV
slurm-llnl vulnerabilities2022-05-25
GHSA
GHSA-9682-j923-q58c: Slurm before 192022-05-24
OSV
CVE-2020-27746: Slurm before 192020-11-27
CVEList
CVE-2020-27746: Slurm before 192020-11-27

📋Vendor Advisories

3
Ubuntu
Slurm vulnerabilities2023-02-01
Ubuntu
Slurm vulnerabilities2022-05-25
Debian
CVE-2020-27746: slurm-wlm - Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an...2020
CVE-2020-27746 — Race Condition in Schedmd Slurm | cvebase