Vulnerabilities > CVE-2023-49933 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Schedmd Slurm

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

schedmd

CWE-924

NVD

Published: 2023-12-14

Updated: 2024-01-03

Summary

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Vulnerable Configurations

Part	Description	Count
Application	Schedmd Schedmd Slurm 23.02 Schedmd Slurm 23.02.0 Schedmd Slurm 23.02.1 Schedmd Slurm 23.02.2 Schedmd Slurm 23.02.3 Schedmd Slurm 23.02.4 Schedmd Slurm 23.02.5 Schedmd Slurm 23.02.6 Schedmd Slurm 22.05 Schedmd Slurm 22.05.0 Schedmd Slurm 22.05.1 Schedmd Slurm 22.05.2 Schedmd Slurm 22.05.3 Schedmd Slurm 22.05.4 Schedmd Slurm 22.05.5 Schedmd Slurm 22.05.6 Schedmd Slurm 22.05.7 Schedmd Slurm 22.05.8 Schedmd Slurm 22.05.9 Schedmd Slurm 22.05.10 Schedmd Slurm 22.05.11 Schedmd Slurm 23.11	25

Common Weakness Enumeration (CWE)

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References