PT-2019-5183 · Schedmd+1 · Slurm+1

Published: 2019-07-10 · Updated: 2024-06-15 · CVE-2019-12838

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SchedMD Slurm versions 17.11.x, 18.08.0 through 18.08.7, and 19.05.0

Description

The issue is related to a lack of protection of the SQL query structure, which can lead to SQL injection. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For SchedMD Slurm versions 17.11.x, 18.08.0 through 18.08.7, and 19.05.0, consider applying security patches or updates to fix the SQL injection issue. As a temporary workaround, consider restricting access to sensitive SQL queries or disabling potentially vulnerable SQL functionality until a patch is available.

Fix

SQL injection


Weakness Enumeration

Related identifiers

BDU:2020-01856
CVE-2019-12838
DLA-2143-1
DLA-2886-1
DSA-4572-1
OPENSUSE-SU-2019:2052-1
OPENSUSE-SU-2019:2536-1
OPENSUSE-SU-2019_2052-1
OPENSUSE-SU-2019_2536-1
OPENSUSE-SU-2020:0085-1
OPENSUSE-SU-2020_0085-1
OPENSUSE-SU-2024:11389-1
SUSE-SU-2019:2229-1
SUSE-SU-2019:2989-1
SUSE-SU-2019:3080-1
SUSE-SU-2019_2229-1
SUSE-SU-2019_2989-1
SUSE-SU-2019_3080-1
SUSE-SU-2020:0110-1
SUSE-SU-2020:0434-1
SUSE-SU-2020:0443-1
SUSE-SU-2020:2607-1
SUSE-SU-2020_0110-1
SUSE-SU-2021:0773-1

Affected products

Slurm
Suse