SchedMD · Slurm · CVE-2020-12693
Name of the Vulnerable Software and Affected Versions:
Slurm versions 19.05.x through 19.05.6
Slurm versions 20.02.x through 20.02.2
Description:
The issue is an authentication bypass in the Slurm resource manager. A remote attacker can exploit it to access confidential data, compromise data integrity, and cause a denial of service. The bypass works through an alternate path or channel: a race condition allows a user to launch a process as an arbitrary user, which can lead to unauthorized access.
Recommendations:
For Slurm versions 19.05.x through 19.05.6, update to version 19.05.7 or later.
For Slurm versions 20.02.x through 20.02.2, update to version 20.02.3 or later.
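
To check a node against the ranges above, the following added example (not part of the original advisory or of Slurm itself) classifies a version string such as the one printed by `sinfo --version`. The function name and the four status words are choices made for this example, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify a Slurm version string against the ranges this
# page lists for CVE-2020-12693.
#   affected: 19.05.0-19.05.6 and 20.02.0-20.02.2
#   fixed:    19.05.7+ and 20.02.3+ on those two release series
# Any other release series is reported as "not-listed" (the page says nothing
# about it); a string that cannot be parsed is reported as "unknown".
slurm_cve_2020_12693_status() {
    ver=${1#slurm }                  # "slurm 20.02.2" -> "20.02.2"
    case $ver in
        *.*.*) ;;                    # need MAJOR.MINOR.PATCH
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    rest=${rest#*.}
    patch=${rest%%[!0-9]*}           # "5-1.el7" -> "5" (drop packaging suffix)
    for field in "$major" "$minor" "$patch"; do
        case $field in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    # Highest affected patch level on each release series named on this page.
    case "$major.$minor" in
        19.05) last_affected=6 ;;
        20.02) last_affected=2 ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$patch" -le "$last_affected" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample strings in the "slurm X.Y.Z" form, plus a packaged variant.
for sample in "slurm 19.05.6" "slurm 20.02.3" "18.08.9" "19.05.5-1.el7"; do
    printf '%-16s %s\n' "$sample" "$(slurm_cve_2020_12693_status "$sample")"
done
```

On a cluster node, pass the live value instead, for example `slurm_cve_2020_12693_status "$(sinfo --version)"`, and run it on every node because controller and compute daemons can be at different patch levels.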