SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
References
Link | Resource |
---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/ | |
https://lists.schedmd.com/pipermail/slurm-announce/ | Mailing List Vendor Advisory |
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html | Mailing List Vendor Advisory |
https://www.schedmd.com/news.php | Vendor Advisory |
https://www.schedmd.com/news.php?id=256 | Patch Vendor Advisory |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-11-17 06:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-43337
Mitre link : CVE-2021-43337
CVE.ORG link : CVE-2021-43337
JSON object : View
Products Affected
fedoraproject
- fedora
schedmd
- slurm
CWE