CVE-2022-29500Improper Authentication in Slurm

CWE-287Improper AuthenticationCWE-668Resource Exposure7 documents6 sources
Severity
8.8HIGHNVD
EPSS
1.8%
top 17.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Schedmd SlurmDebian LinuxFedoraproject Fedora
Timeline
PublishedMay 5
Latest updateOct 30

Description

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDschedmd/slurm21.08.021.08.08+1

Also affects: Debian Linux 11.0, Fedora 34, 35, 36

Patches

Patch: www.schedmd.comPatch: www.schedmd.com

🔴Vulnerability Details

4
OSV
slurm-llnl, slurm-wlm vulnerabilities2023-10-30
GHSA
GHSA-8g6p-72jw-r627: SchedMD Slurm 212022-05-06
OSV
CVE-2022-29500: SchedMD Slurm 212022-05-05
CVEList
CVE-2022-29500: SchedMD Slurm 212022-05-05

📋Vendor Advisories

2
Ubuntu
Slurm vulnerabilities2023-10-30
Debian
CVE-2022-29500: slurm-wlm - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to...2022
CVE-2022-29500 — Improper Authentication in Slurm | cvebase