PT-2021-4104 · Schedmd+3 · Slurm+3

Published: 2021-04-15 · Updated: 2024-06-15 · CVE-2021-31215

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SchedMD Slurm versions 20.03.x through 20.11.x before 20.11.7
SchedMD Slurm versions prior to 20.02.7

Description

The issue is related to the incorrect handling of environment variables in PrologSlurmctld and EpilogSlurmctld scripts of the SLURM resource management tool. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability can lead to remote code execution as SlurmUser due to the mishandling of environment variables when using these scripts.

Recommendations

For SchedMD Slurm versions prior to 20.02.7, update to version 20.02.7 or later. For SchedMD Slurm versions 20.03.x through 20.11.x before 20.11.7, update to version 20.11.7 or later. As a temporary workaround, consider disabling the use of PrologSlurmctld and EpilogSlurmctld scripts until a patch is available. Restrict access to sensitive data and monitor for any signs of unauthorized access or denial of service.
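
The version ranges and the workaround above can be checked together per controller. The following is an added example, not part of the original advisory or of SchedMD's code: it assumes a version string in the form `slurm 20.11.5`, uses a constructed sample `slurm.conf`, hypothetical function names, and does not follow `Include` directives.

```python
import re

# Version boundaries taken from the advisory text above.
FIXED_OLD = (20, 2, 7)    # anything before 20.02.7 is affected
RANGE_START = (20, 3, 0)  # 20.03.x through 20.11.x ...
FIXED_NEW = (20, 11, 7)   # ... before 20.11.7 is affected
HOOKS = ("prologslurmctld", "epilogslurmctld")

# Constructed sample slurm.conf, not taken from a real cluster.
SAMPLE_CONF = """\
ClusterName=demo
SlurmUser=slurm
prologslurmctld=/etc/slurm/prolog_ctld.sh   # key case varies
#EpilogSlurmctld=/etc/slurm/epilog_ctld.sh
"""

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'slurm 20.11.5'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Slurm version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_text):
    """Apply the two affected ranges stated in the advisory."""
    v = parse_version(version_text)
    return v < FIXED_OLD or RANGE_START <= v < FIXED_NEW

def configured_hooks(conf_text):
    """Return the controller prolog/epilog settings that are active."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(\w+)\s*=\s*(\S+)", line)
        if m and m.group(1).lower() in HOOKS:
            found[m.group(1).lower()] = m.group(2)
    return found

def assess(version_text, conf_text):
    """Combine version and configuration into one triage label."""
    if not is_affected(version_text):
        return "fixed-version"
    if configured_hooks(conf_text):
        return "affected-and-hooks-enabled"
    return "affected-workaround-in-place"

if __name__ == "__main__":
    for ver in ("slurm 20.11.5", "slurm 20.11.7", "slurm 20.02.6"):
        print(ver, "->", assess(ver, SAMPLE_CONF))
```

Hosts reported as `affected-and-hooks-enabled` are the ones to upgrade first; `affected-workaround-in-place` still needs the update, since the workaround is temporary.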

Fix


Weakness Enumeration

Related Identifiers

BDU:2021-04691
CVE-2021-31215
DLA-2886-1
MGASA-2021-0253
OPENSUSE-SU-2021:0821-1
OPENSUSE-SU-2021_0821-1
OPENSUSE-SU-2024:11389-1
SUSE-SU-2021:1787-1
SUSE-SU-2021:1788-1
SUSE-SU-2021:1789-1
SUSE-SU-2021:1790-1
SUSE-SU-2021:1791-1
SUSE-SU-2021:1793-1
SUSE-SU-2021:1810-1
SUSE-SU-2021:1811-1
SUSE-SU-2021:1855-1
SUSE-SU-2021:1856-1
SUSE-SU-2021:2295-1
SUSE-SU-2021:2473-1
SUSE-SU-2021_1787-1
SUSE-SU-2021_1788-1
SUSE-SU-2021_1789-1
SUSE-SU-2021_1790-1
SUSE-SU-2021_1791-1
SUSE-SU-2021_1793-1
SUSE-SU-2021_1810-1
SUSE-SU-2021_1811-1
SUSE-SU-2021_1855-1
SUSE-SU-2021_1856-1
SUSE-SU-2021_2295-1
SUSE-SU-2021_2473-1
USN-4781-1

Affected Products

Linuxmint
Slurm
Suse
Ubuntu