An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NSchedmd Slurm
APPSchedmd23.1122.05 – 22.05.12 (bez)23.02 – 23.02.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2023-49937CRITICAL9.8PL ✓ten sam produkt
Double free w SchedMD Slurm umożliwia RCE lub DoS
CVE-2023-49934CRITICAL9.8PL ✓ten sam produkt
SQL Injection w SchedMD Slurm 23.11.x przeciwko bazie SlurmDBD
CVE-2022-29502CRITICAL9.8ten sam produkt
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
CVE-2020-27745CRITICAL9.8ten sam produkt
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
CVE-2019-12838CRITICAL9.8ten sam produkt
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.