CVE-2024-48936Incorrect Authorization in Slurm

CWE-863Incorrect Authorization5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 74.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schedmd Slurm
Timeline
PublishedOct 28

Description

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages1 packages

NVDschedmd/slurm< 24.05.4

🔴Vulnerability Details

3
OSV
CVE-2024-48936: SchedMD Slurm before 242024-10-28
CVEList
CVE-2024-48936: SchedMD Slurm before 242024-10-28
GHSA
GHSA-8phj-c26v-2jj9: SchedMD Slurm before 242024-10-28

📋Vendor Advisories

1
Debian
CVE-2024-48936: slurm-wlm - SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentic...2024
CVE-2024-48936 — Incorrect Authorization in Slurm | cvebase