CVE-2023-49935
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-49935
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49935.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-49935
- Related
- Published
- 2023-12-14T05:15:10Z
- Modified
- 2024-10-12T11:13:09.673369Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.
- References
-
- https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
- https://www.schedmd.com/security-archive.php
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
- https://security-tracker.debian.org/tracker/CVE-2023-49935
Affected packages
Debian:13 / slurm-wlm
Package
- Name
- slurm-wlm
- Purl
- pkg:deb/debian/slurm-wlm?arch=source
Git / github.com/schedmd/slurm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/schedmd/slurm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
slurm-13-12-0-0pre2
slurm-13-12-0-0pre3
slurm-13-12-0-0pre4
slurm-14-03-0-0pre5
slurm-14-03-0-0pre6
slurm-14-03-0-0rc1
slurm-14-03-0-1
slurm-14-03-1-1
slurm-14-03-1-2
slurm-14-03-10-1
slurm-14-03-11-1
slurm-14-03-2-1
slurm-14-03-3-1
slurm-14-03-3-2
slurm-14-03-4-1
slurm-14-03-4-2
slurm-14-03-5-1
slurm-14-03-6-1
slurm-14-03-7-1
slurm-14-03-8-1
slurm-14-03-9-1
slurm-14-11-0-0pre1
slurm-14-11-0-0pre2
slurm-14-11-0-0pre3
slurm-14-11-0-0pre4
slurm-14-11-0-0pre5
slurm-14-11-0-0rc1
slurm-14-11-0-0rc2
slurm-14-11-0-0rc3
slurm-14-11-0-1
slurm-14-11-1-1
slurm-14-11-10-1
slurm-14-11-11-1
slurm-14-11-2-1
slurm-14-11-3-1
slurm-14-11-4-1
slurm-14-11-5-1
slurm-14-11-6-1
slurm-14-11-7-1
slurm-14-11-8-1
slurm-14-11-9-1
slurm-15-08-0-0pre1
slurm-15-08-0-0pre2
slurm-15-08-0-0pre3
slurm-15-08-0-0pre4
slurm-15-08-0-0pre5
slurm-15-08-0-0pre6
slurm-15-08-0-0rc1
slurm-15-08-0-1
slurm-15-08-1-1
slurm-15-08-10-1
slurm-15-08-11-1
slurm-15-08-12-1
slurm-15-08-13-1
slurm-15-08-2-1
slurm-15-08-3-1
slurm-15-08-4-1
slurm-15-08-5-1
slurm-15-08-6-1
slurm-15-08-7-1
slurm-15-08-8-1
slurm-15-08-9-1
slurm-16-05-0-0pre1
slurm-16-05-0-0pre2
slurm-16-05-0-0rc1
slurm-16-05-0-0rc2
slurm-16-05-0-1
slurm-16-05-1-1
slurm-16-05-10-1
slurm-16-05-10-2
slurm-16-05-11-1
slurm-16-05-2-1
slurm-16-05-3-1
slurm-16-05-4-1
slurm-16-05-5-1
slurm-16-05-6-1
slurm-16-05-7-1
slurm-16-05-8-1
slurm-16-05-9-1
slurm-17-02-0-0pre1
slurm-17-02-0-0pre2
slurm-17-02-0-0pre3
slurm-17-02-0-0pre4
slurm-17-02-0-0rc1
slurm-17-02-0-1
slurm-17-02-1-1
slurm-17-02-1-2
slurm-17-02-10-1
slurm-17-02-11-1
slurm-17-02-2-1
slurm-17-02-3-1
slurm-17-02-4-1
slurm-17-02-5-1
slurm-17-02-6-1
slurm-17-02-7-1
slurm-17-02-8-1
slurm-17-02-9-1
slurm-17-11-0-0pre1
slurm-17-11-0-0pre2
slurm-17-11-0-0rc1
slurm-17-11-0-0rc2
slurm-17-11-0-0rc3
slurm-17-11-0-1
slurm-17-11-1-1
slurm-17-11-1-2
slurm-17-11-10-1
slurm-17-11-11-1
slurm-17-11-12-1
slurm-17-11-13-1
slurm-17-11-13-2
slurm-17-11-2-1
slurm-17-11-3-1
slurm-17-11-3-2
slurm-17-11-4-1
slurm-17-11-5-1
slurm-17-11-6-1
slurm-17-11-7-1
slurm-17-11-8-1
slurm-17-11-9-1
slurm-17-11-9-2
slurm-18-08-0-0pre1
slurm-18-08-0-0pre2
slurm-18-08-0-0rc1
slurm-18-08-0-1
slurm-18-08-1-1
slurm-18-08-2-1
slurm-18-08-3-1
slurm-18-08-4-1
slurm-18-08-5-1
slurm-18-08-5-2
slurm-18-08-6-1
slurm-18-08-6-2
slurm-18-08-7-1
slurm-18-08-8-1
slurm-18-08-9-1
slurm-19-05-0-0pre1
slurm-19-05-0-0pre2
slurm-19-05-0-0pre3
slurm-19-05-0-0rc1
slurm-19-05-0-1
slurm-19-05-1-1
slurm-19-05-1-2
slurm-19-05-2-1
slurm-19-05-3-1
slurm-19-05-3-2
slurm-19-05-4-1
slurm-19-05-5-1
slurm-19-05-6-1
slurm-19-05-7-1
slurm-19-05-8-1
slurm-2-2-6-1
slurm-2-2-7-1
slurm-2-3-0-0-pre5
slurm-2-3-0-0-pre6
slurm-2-3-0-0-rc1
slurm-2-3-0-0-rc2
slurm-2-3-0-1
slurm-2-3-0-2
slurm-2-3-1-1
slurm-2-3-2-1
slurm-2-3-3-1
slurm-2-3-4-1
slurm-2-3-5-1
slurm-2-4-0-0-pre1
slurm-2-4-0-0-pre2
slurm-2-4-0-0-pre3
slurm-2-4-0-0-pre4
slurm-2-4-0-0-rc1
slurm-2-4-0-1
slurm-2-4-1-1
slurm-2-4-2-1
slurm-2-4-3-0
slurm-2-4-4-1
slurm-2-4-5-1
slurm-2-5-0-0-pre1
slurm-2-5-0-0-pre2
slurm-2-5-0-0-pre3
slurm-2-5-0-0-rc1
slurm-2-5-0-0-rc2
slurm-2-5-0-1
slurm-2-5-1-1
slurm-2-5-2-1
slurm-2-5-3-1
slurm-2-5-4-1
slurm-2-5-5-1
slurm-2-5-6-1
slurm-2-5-7-1
slurm-2-6-0-0-pre2
slurm-2-6-0-0pre1
slurm-2-6-0-0pre2
slurm-2-6-0-0pre3
slurm-2-6-0-0pre4
slurm-2-6-0-0rc1
slurm-2-6-0-0rc2
slurm-2-6-0-1
slurm-2-6-1-1
slurm-2-6-2-1
slurm-2-6-3-1
slurm-2-6-4-1
slurm-2-6-5-1
slurm-2-6-6-1
slurm-2-6-6-2
slurm-2-6-7-1
slurm-2-6-8-1
slurm-2-6-9-1
slurm-20-02-0-0pre1
slurm-20-02-0-0rc1
slurm-20-02-0-1
slurm-20-02-1-1
slurm-20-02-2-1
slurm-20-02-3-1
slurm-20-02-4-1
slurm-20-02-5-1
slurm-20-02-6-1
slurm-20-02-7-1
slurm-20-11-0-0rc1
slurm-20-11-0-0rc2
slurm-20-11-0-1
slurm-20-11-1-1
slurm-20-11-2-1
slurm-20-11-3-1
slurm-20-11-4-1
slurm-20-11-5-1
slurm-20-11-6-1
slurm-20-11-7-1
slurm-20-11-8-1
slurm-20-11-9-1
slurm-21-08-0-0rc1
slurm-21-08-0-0rc2
slurm-21-08-0-1
slurm-21-08-1-1
slurm-21-08-2-1
slurm-21-08-3-1
slurm-21-08-4-1
slurm-21-08-5-1
slurm-21-08-6-1
slurm-21-08-7-1
slurm-21-08-8-1
slurm-21-08-8-2
slurm-22-05-0-0rc1
slurm-22-05-0-1
slurm-22-05-1-1
slurm-22-05-10-1
slurm-22-05-11-1
slurm-22-05-2-1
slurm-22-05-3-1
slurm-22-05-4-1
slurm-22-05-5-1
slurm-22-05-6-1
slurm-22-05-7-1
slurm-22-05-8-1
slurm-22-05-9-1
slurm-23-02-0-0rc1
slurm-23-02-0-1
slurm-23-02-1-1
slurm-23-02-2-1
slurm-23-02-3-1
slurm-23-02-4-1
slurm-23-02-5-1
slurm-23-02-6-1