← Voltar para CVEs
CVE-2021-43337
MEDIUM6.5
Descricao
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/17/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
fedoraproject:fedoraschedmd:slurm
Referencias
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/(cve@mitre.org)
https://lists.schedmd.com/pipermail/slurm-announce/(cve@mitre.org)
https://www.schedmd.com/news.php(cve@mitre.org)
https://www.schedmd.com/news.php?id=256(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.schedmd.com/pipermail/slurm-announce/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.schedmd.com/news.php(af854a3a-2127-422b-91ae-364da2661108)
https://www.schedmd.com/news.php?id=256(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.