PT-2023-8199 · Schedmd+2 · Slurm+2

Ryan Hall

·

Publicado

2023-12-13

·

Atualizado

2026-05-06

·

CVE-2023-49933

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions SchedMD Slurm versions 22.05.x through 22.05.10 SchedMD Slurm versions 23.02.x through 23.02.6 SchedMD Slurm versions 23.11.x through 23.11.0
Description The issue is related to the improper enforcement of message integrity during transmission in a communication channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks, potentially enabling them to exploit the system. The exploitation of this issue can be done remotely.
Recommendations For SchedMD Slurm versions 22.05.x through 22.05.10, update to version 22.05.11. For SchedMD Slurm versions 23.02.x through 23.02.6, update to version 23.02.7. For SchedMD Slurm versions 23.11.x through 23.11.0, update to version 23.11.1.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-924

Identificadores relacionados

BDU:2024-00191
CVE-2023-49933
DSA-5609-1
OPENSUSE-SU-2024:13559-1
OPENSUSE-SU-2024_0278-1
OPENSUSE-SU-2024_0279-1
OPENSUSE-SU-2024_0280-1
OPENSUSE-SU-2024_0283-1
OPENSUSE-SU-2024_0284-1
OPENSUSE-SU-2024_0288-1
SUSE-SU-2024:0278-1
SUSE-SU-2024:0279-1
SUSE-SU-2024:0280-1
SUSE-SU-2024:0283-1
SUSE-SU-2024:0284-1
SUSE-SU-2024:0286-1
SUSE-SU-2024:0287-1
SUSE-SU-2024:0288-1
SUSE-SU-2024:0289-1
SUSE-SU-2024:0309-1
SUSE-SU-2024:0310-1
SUSE-SU-2024:0311-1
SUSE-SU-2024:0312-1
SUSE-SU-2024:0313-1
SUSE-SU-2024:0314-1
SUSE-SU-2024:0315-1
SUSE-SU-2024_0284-1
SUSE-SU-2024_0286-1
SUSE-SU-2024_0287-1
SUSE-SU-2024_0289-1
SUSE-SU-2024_0310-1
SUSE-SU-2024_0311-1
SUSE-SU-2024_0312-1
SUSE-SU-2024_0315-1
USN-8236-1

Produtos afetados

Debian
Slurm
Suse