CVE-2024-48936

Published: Oct 28, 2024Modified: Apr 17, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.6 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Affected (1)

Products: Schedmd: Slurm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schedmd Slurm	Before 24.05.4

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (3)

https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce%40lists.schedmd.com/message/44MFMN7R35YZFWTNO43R2754W5B5XUAI/

Source: cve@mitre.org

Mailing List

https://lists.schedmd.com/pipermail/slurm-announce/2024/date.html

Source: cve@mitre.org

Mailing List

https://www.schedmd.com/security-policy/

Source: cve@mitre.org

Product

Timeline

No history available yet.