PT-2019-5183 · Schedmd+1 · Slurm+1

Published: 2019-07-10 · Updated: 2024-06-15 · CVE-2019-12838

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SchedMD Slurm versions 17.11.x, 18.08.0 through 18.08.7, and 19.05.0

Description

The issue is related to a lack of protection of the SQL query structure, which can lead to SQL injection. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For SchedMD Slurm versions 17.11.x, 18.08.0 through 18.08.7, and 19.05.0, consider applying security patches or updates to fix the SQL injection issue. As a temporary workaround, consider restricting access to sensitive SQL queries or disabling potentially vulnerable SQL functionality until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2020-01856
CVE-2019-12838
DLA-2143-1
DLA-2886-1
DSA-4572-1
OPENSUSE-SU-2019:2052-1
OPENSUSE-SU-2019:2536-1
OPENSUSE-SU-2019_2052-1
OPENSUSE-SU-2019_2536-1
OPENSUSE-SU-2020:0085-1
OPENSUSE-SU-2020_0085-1
OPENSUSE-SU-2024:11389-1
SUSE-SU-2019:2229-1
SUSE-SU-2019:2989-1
SUSE-SU-2019:3080-1
SUSE-SU-2019_2229-1
SUSE-SU-2019_2989-1
SUSE-SU-2019_3080-1
SUSE-SU-2020:0110-1
SUSE-SU-2020:0434-1
SUSE-SU-2020:0443-1
SUSE-SU-2020:2607-1
SUSE-SU-2020_0110-1
SUSE-SU-2021:0773-1

Affected Products

Slurm
Suse