Vulnerabilities > CVE-2021-43337

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

schedmd

fedoraproject

NVD

Published: 2021-11-17

Updated: 2023-11-07

Summary

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.

Vulnerable Configurations

Part	Description	Count
Application	Schedmd Schedmd Slurm 21.08.0 Schedmd Slurm 21.08.1 Schedmd Slurm 21.08.2 Schedmd Slurm 21.08.3	6
OS	Fedoraproject Fedoraproject Fedora 34 Fedoraproject Fedora 35	2

References

https://lists.schedmd.com/pipermail/slurm-announce/
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=256
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/

Vulnerabilities > CVE-2021-43337 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-43337"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-43337