CVE-2023-49935
- Source
- https://cve.org/CVERecord?id=CVE-2023-49935
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49935.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-49935
- Downstream
- Related
- Published
- 2023-12-14T00:00:00Z
- Modified
- 2026-05-28T04:09:10.988429707Z
- Summary
- [none]
- Details
-
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49935.json", "cna_assigner": "mitre" }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
- https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
- https://www.schedmd.com/security-archive.php
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49935.json
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
- https://nvd.nist.gov/vuln/detail/CVE-2023-49935
Affected packages
Git / github.com/schedmd/slurm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/schedmd/slurm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "extracted_events": [ { "introduced": "23.02" }, { "fixed": "23.02.7" } ], "cpe": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "source": "CPE_RANGE" }
Affected versions
Other
slurm-13-12-0-0pre2
slurm-13-12-0-0pre3
slurm-13-12-0-0pre4
slurm-14-03-0-0pre5
slurm-14-03-0-0pre6
slurm-14-03-0-0rc1
slurm-14-03-0-1
slurm-14-11-0-0pre1
slurm-14-11-0-0pre2
slurm-14-11-0-0pre3
slurm-14-11-0-0pre4
slurm-14-11-0-0pre5
slurm-14-11-0-0rc1
slurm-15-08-0-0pre1
slurm-15-08-0-0pre2
slurm-15-08-0-0pre3
slurm-15-08-0-0pre4
slurm-15-08-0-0pre5
slurm-15-08-0-0pre6
slurm-15-08-0-0rc1
slurm-15-08-0-1
slurm-16-05-0-0pre1
slurm-16-05-0-0pre2
slurm-17-02-0-0pre1
slurm-17-02-0-0pre2
slurm-17-02-0-0pre3
slurm-17-02-0-0pre4
slurm-17-11-0-0pre1
slurm-17-11-0-0pre2
slurm-18-08-0-0pre1
slurm-18-08-0-0pre2
slurm-19-05-0-0pre1
slurm-19-05-0-0pre2
slurm-19-05-0-0pre3
slurm-19-05-0-0rc1
slurm-2-3-0-0-pre6
slurm-2-3-0-0-rc1
slurm-2-3-0-0-rc2
slurm-2-3-0-1
slurm-2-4-0-0-pre1
slurm-2-4-0-0-pre2
slurm-2-4-0-0-pre3
slurm-2-4-0-0-pre4
slurm-2-5-0-0-pre1
slurm-2-5-0-0-pre2
slurm-2-5-0-0-pre3
slurm-2-5-0-0-rc1
slurm-2-5-0-0-rc2
slurm-2-5-0-1
slurm-2-6-0-0-pre2
slurm-2-6-0-0pre1
slurm-2-6-0-0pre2
slurm-2-6-0-0pre3
slurm-2-6-0-0pre4
slurm-2-6-0-0rc1
slurm-2-6-0-0rc2
slurm-20-02-0-0pre1
slurm-20-02-0-0rc1
slurm-20-11-0-0rc1
slurm-20-11-0-0rc2
slurm-20-11-0-1
slurm-21-08-0-0rc1
slurm-21-08-0-0rc2
slurm-22-05-0-0rc1
slurm-23-02-0-0rc1
slurm-23-02-5-1
slurm-23-02-6-1