Lucene search
MitreCVELIST:CVE-2023-49935HistoryDec 14, 2023 - 12:00 a.m.
CVE-2023-49935
2023-12-1400:00:00
mitre
www.cve.org
3
schedmd slurm
incorrect access control
bypass
cve-2023-49935
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1.
References
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
www.schedmd.com/security-archive.php
Related
veracode
veracode
Authentication Bypass
2023-12-20 05:34:51
nvd
nvd
CVE-2023-49935
2023-12-14 05:15:10
osv
osv
CVE-2023-49935
2023-12-14 05:15:10
ubuntucve
ubuntucve
CVE-2023-49935
2023-12-14 00:00:00
cve
cve
CVE-2023-49935
2023-12-14 05:15:10
debiancve
debiancve
CVE-2023-49935
2023-12-14 05:15:10
prion
prion
Design/Logic Flaw
2023-12-14 05:15:00
nessus
nessus
SUSE SLES15 Security Update : slurm_23_02 (SUSE-SU-2024:0280-1)
2024-02-01 00:00:00
SUSE SLES12 Security Update : slurm_23_02 (SUSE-SU-2024:0312-1)
2024-02-03 00:00:00
SUSE SLES15 Security Update : slurm_23_02 (SUSE-SU-2024:0289-1)
2024-02-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for slurm (SUSE-SU-2024:0284-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for slurm_23_02 (SUSE-SU-2024:0280-1)
2024-03-04 00:00:00
Fedora: Security Advisory for slurm (FEDORA-2023-540de58d84)
2024-01-18 00:00:00
freebsd
freebsd
slurm-wlm -- Several security issues
2023-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: slurm-22.05.11-2.fc38
2024-01-03 02:18:46
[SECURITY] Fedora 39 Update: slurm-22.05.11-2.fc39
2024-01-03 02:27:16
gentoo
gentoo
Slurm: Multiple Vulnerabilities
2024-09-22 00:00:00