Improper access control in Slurm - CVE-2023-49938

 

Published: December 26, 2023


Vulnerability identifier: #VU84783
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-49938
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Slurm
Software vendor: SchedMD

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can modify the extended group list that is used with the sbcast subsystem and open files with an unauthorized set of extended groups.


Remediation

Install updates from the vendor's website.
