PT-2023-8176 · Schedmd+2 · Slurm+2

Ryan Hall · Published 2023-12-13 · Updated 2026-05-06 · CVE-2023-49938

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SchedMD Slurm versions 22.05.x through 22.05.10
SchedMD Slurm versions 23.02.x through 23.02.6

Description

The issue is related to the sbcast subsystem of the Slurm resource management system and is associated with weaknesses in the authentication procedure. This can allow a remote attacker to bypass existing security restrictions. The problem is due to incorrect access control, which enables an attacker to modify their extended group list used with the sbcast subsystem and open files with an unauthorized set of extended groups.

Recommendations

For SchedMD Slurm versions 22.05.x through 22.05.10, update to version 22.05.11 to resolve the issue.
For SchedMD Slurm versions 23.02.x through 23.02.6, update to version 23.02.7 to resolve the issue.
As a temporary workaround, consider restricting access to the sbcast subsystem until a patch is applied.

Fix

Incorrect Privilege Assignment

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-00161
CVE-2023-49938
DSA-5609-1
OPENSUSE-SU-2024:13559-1
OPENSUSE-SU-2024_0278-1
OPENSUSE-SU-2024_0279-1
OPENSUSE-SU-2024_0280-1
OPENSUSE-SU-2024_0283-1
OPENSUSE-SU-2024_0284-1
OPENSUSE-SU-2024_0288-1
SUSE-SU-2024:0278-1
SUSE-SU-2024:0279-1
SUSE-SU-2024:0280-1
SUSE-SU-2024:0283-1
SUSE-SU-2024:0284-1
SUSE-SU-2024:0286-1
SUSE-SU-2024:0287-1
SUSE-SU-2024:0288-1
SUSE-SU-2024:0289-1
SUSE-SU-2024:0309-1
SUSE-SU-2024:0310-1
SUSE-SU-2024:0311-1
SUSE-SU-2024:0312-1
SUSE-SU-2024:0313-1
SUSE-SU-2024:0314-1
SUSE-SU-2024:0315-1
USN-8236-1

Affected Products

Debian
Slurm
Suse