PT-2020-5860 · Schedmd+3 · Slurm+3

Tim Wickberg

Published

2020-05-07

Updated

2024-06-15

CVE-2020-12693

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Slurm versions 19.05.x through 19.05.6 Slurm versions 20.02.x through 20.02.2

Description: The issue is related to an authentication bypass in the SLURM resource management manager. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with the use of an alternate path or channel. A race condition allows a user to launch a process as an arbitrary user, which can lead to unauthorized access.

Recommendations: For Slurm versions 19.05.x through 19.05.6, update to version 19.05.7 or later. For Slurm versions 20.02.x through 20.02.2, update to version 20.02.3 or later.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

BDU:2021-01904

CVE-2020-12693

DLA-2886-1

DSA-4841-1

OPENSUSE-SU-2020:1421-1

OPENSUSE-SU-2020:1468-1

OPENSUSE-SU-2020:1969-1

OPENSUSE-SU-2020_1421-1

OPENSUSE-SU-2020_1468-1

OPENSUSE-SU-2020_1969-1

OPENSUSE-SU-2024:11389-1

SUSE-SU-2020:1554-1

SUSE-SU-2020:2598-1

SUSE-SU-2020:2599-1

SUSE-SU-2020:2600-1

SUSE-SU-2020:2601-1

SUSE-SU-2020:2602-1

SUSE-SU-2020:2607-1

SUSE-SU-2020_1554-1

SUSE-SU-2020_2598-1

SUSE-SU-2020_2599-1

SUSE-SU-2020_2600-1

SUSE-SU-2021:0773-1

USN-4781-1

Affected Products

Linuxmint

Slurm

Suse

Ubuntu

PT-2020-5860 · Schedmd+3 · Slurm+3

CVE-2020-12693

Weakness Enumeration

Related Identifiers

Affected Products

References · 99