CVE-2021-31215 — Slurm vulnerability

9 documents6 sources
Severity
8.8HIGHNVD
OSV8.1
EPSS
2.5%
top 14.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schedmd SlurmDebian LinuxFedoraproject Fedora
Timeline
PublishedMay 13
Latest updateFeb 1

Description

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschedmd/slurm20.11 — 20.11.7+1

Also affects: Debian Linux 9.0, Fedora 33, 34

🔴Vulnerability Details

5
OSV
slurm-llnl vulnerabilities↗2023-02-01
â–¶
OSV
slurm-llnl vulnerabilities↗2022-05-25
â–¶
GHSA
GHSA-wg2q-q9j3-c3v8: SchedMD Slurm before 20↗2022-05-24
â–¶
CVEList
CVE-2021-31215: SchedMD Slurm before 20↗2021-05-13
â–¶
OSV
CVE-2021-31215: SchedMD Slurm before 20↗2021-05-13
â–¶

📋Vendor Advisories

3
Ubuntu
Slurm vulnerabilities↗2023-02-01
â–¶
Ubuntu
Slurm vulnerabilities↗2022-05-25
â–¶
Debian
CVE-2021-31215: slurm-wlm - SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows r...↗2021
â–¶
CVE-2021-31215 — Schedmd Slurm vulnerability | cvebase